GSD-2020-5256
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
BookStack before version 0.25.5 has a vulnerability where a user could upload PHP files through image upload functions, which would allow them to execute code on the host system remotely. They would then have the permissions of the PHP process. This most impacts scenarios where non-trusted users are given permission to upload images in any area of the application. The issue was addressed in a series of patches in versions 0.25.3, 0.25.4 and 0.25.5. Users should upgrade to at least v0.25.5 to avoid this vulnerability.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2020-5256",
"description": "BookStack before version 0.25.5 has a vulnerability where a user could upload PHP files through image upload functions, which would allow them to execute code on the host system remotely. They would then have the permissions of the PHP process. This most impacts scenarios where non-trusted users are given permission to upload images in any area of the application. The issue was addressed in a series of patches in versions 0.25.3, 0.25.4 and 0.25.5. Users should upgrade to at least v0.25.5 to avoid this vulnerability.",
"id": "GSD-2020-5256"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2020-5256"
],
"details": "BookStack before version 0.25.5 has a vulnerability where a user could upload PHP files through image upload functions, which would allow them to execute code on the host system remotely. They would then have the permissions of the PHP process. This most impacts scenarios where non-trusted users are given permission to upload images in any area of the application. The issue was addressed in a series of patches in versions 0.25.3, 0.25.4 and 0.25.5. Users should upgrade to at least v0.25.5 to avoid this vulnerability.",
"id": "GSD-2020-5256",
"modified": "2023-12-13T01:22:03.677192Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-5256",
"STATE": "PUBLIC",
"TITLE": "Remote Code Execution Through Image Uploads in BookStack"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BookStack",
"version": {
"version_data": [
{
"version_value": "\u003c 0.25.5"
}
]
}
}
]
},
"vendor_name": "BookStackApp"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BookStack before version 0.25.5 has a vulnerability where a user could upload PHP files through image upload functions, which would allow them to execute code on the host system remotely. They would then have the permissions of the PHP process. This most impacts scenarios where non-trusted users are given permission to upload images in any area of the application. The issue was addressed in a series of patches in versions 0.25.3, 0.25.4 and 0.25.5. Users should upgrade to at least v0.25.5 to avoid this vulnerability."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BookStackApp/BookStack/security/advisories/GHSA-g9rq-x4fj-f5hx",
"refsource": "CONFIRM",
"url": "https://github.com/BookStackApp/BookStack/security/advisories/GHSA-g9rq-x4fj-f5hx"
},
{
"name": "https://github.com/BookStackApp/BookStack/releases/tag/v0.25.3",
"refsource": "MISC",
"url": "https://github.com/BookStackApp/BookStack/releases/tag/v0.25.3"
},
{
"name": "https://github.com/BookStackApp/BookStack/releases/tag/v0.25.4",
"refsource": "MISC",
"url": "https://github.com/BookStackApp/BookStack/releases/tag/v0.25.4"
},
{
"name": "https://github.com/BookStackApp/BookStack/releases/tag/v0.25.5",
"refsource": "MISC",
"url": "https://github.com/BookStackApp/BookStack/releases/tag/v0.25.5"
}
]
},
"source": {
"advisory": "GHSA-g9rq-x4fj-f5hx",
"discovery": "UNKNOWN"
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c0.25.3",
"affected_versions": "All versions before 0.25.3",
"cvss_v2": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-434",
"CWE-78",
"CWE-937"
],
"date": "2021-01-08",
"description": "BookStack before version 0.25.5 has a vulnerability where a user could upload PHP files through image upload functions, which would allow them to execute code on the host system remotely. They would then have the permissions of the PHP process. This most impacts scenarios where non-trusted users are given permission to upload images in any area of the application. The issue was addressed in a series of patches in versions 0.25.3, 0.25.4 and 0.25.5. Users should upgrade to at least v0.25.5 to avoid this vulnerability.",
"fixed_versions": [
"0.25.5"
],
"identifier": "CVE-2020-5256",
"identifiers": [
"GHSA-g9rq-x4fj-f5hx",
"CVE-2020-5256"
],
"not_impacted": "All versions starting from 0.25.3",
"package_slug": "packagist/ssddanbrown/bookstack",
"pubdate": "2020-03-13",
"solution": "Upgrade to version 0.25.5 or above.",
"title": "Unrestricted Upload of File with Dangerous Type",
"urls": [
"https://github.com/BookStackApp/BookStack/security/advisories/GHSA-g9rq-x4fj-f5hx",
"https://nvd.nist.gov/vuln/detail/CVE-2020-5256",
"https://github.com/BookStackApp/BookStack/releases/tag/v0.25.3",
"https://github.com/BookStackApp/BookStack/releases/tag/v0.25.4",
"https://github.com/BookStackApp/BookStack/releases/tag/v0.25.5",
"https://github.com/advisories/GHSA-g9rq-x4fj-f5hx"
],
"uuid": "d009c4c4-4f0c-4747-a226-54b92c8fde2e"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:bookstackapp:bookstack:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "0.25.3",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-5256"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "BookStack before version 0.25.5 has a vulnerability where a user could upload PHP files through image upload functions, which would allow them to execute code on the host system remotely. They would then have the permissions of the PHP process. This most impacts scenarios where non-trusted users are given permission to upload images in any area of the application. The issue was addressed in a series of patches in versions 0.25.3, 0.25.4 and 0.25.5. Users should upgrade to at least v0.25.5 to avoid this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BookStackApp/BookStack/security/advisories/GHSA-g9rq-x4fj-f5hx",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/BookStackApp/BookStack/security/advisories/GHSA-g9rq-x4fj-f5hx"
},
{
"name": "https://github.com/BookStackApp/BookStack/releases/tag/v0.25.3",
"refsource": "MISC",
"tags": [
"Release Notes"
],
"url": "https://github.com/BookStackApp/BookStack/releases/tag/v0.25.3"
},
{
"name": "https://github.com/BookStackApp/BookStack/releases/tag/v0.25.5",
"refsource": "MISC",
"tags": [
"Release Notes"
],
"url": "https://github.com/BookStackApp/BookStack/releases/tag/v0.25.5"
},
{
"name": "https://github.com/BookStackApp/BookStack/releases/tag/v0.25.4",
"refsource": "MISC",
"tags": [
"Release Notes"
],
"url": "https://github.com/BookStackApp/BookStack/releases/tag/v0.25.4"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2020-03-10T13:34Z",
"publishedDate": "2020-03-09T16:15Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…