pysec - pysec-2024-153

pysec-2024-153

Vulnerability from pysec

Published

2024-08-12 17:15

Modified

2024-11-25 21:22

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

Streamlit is a data oriented application development framework for python. Snowflake Streamlit open source addressed a security vulnerability via the static file sharing feature. Users of hosted Streamlit app(s) on Windows were vulnerable to a path traversal vulnerability when the static file sharing feature is enabled. An attacker could utilize the vulnerability to leak the password hash of the Windows user running Streamlit. The vulnerability was patched on Jul 25, 2024, as part of Streamlit open source version 1.37.0. The vulnerability only affects Windows.

Aliases

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "streamlit",
        "purl": "pkg:pypi/streamlit"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3a639859cfdfba2187c81897d44a3e33825eb0a3"
            }
          ],
          "repo": "https://github.com/streamlit/streamlit",
          "type": "GIT"
        },
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.37.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "0.1",
        "0.11.0",
        "0.12.2",
        "0.12.3",
        "0.12.4",
        "0.13.0",
        "0.13.1",
        "0.13.3",
        "0.13.5",
        "0.14.2",
        "0.15.0",
        "0.15.1",
        "0.15.2",
        "0.15.3",
        "0.15.4",
        "0.15.5",
        "0.15.6",
        "0.16.0",
        "0.16.1",
        "0.16.2",
        "0.16.3",
        "0.17.0",
        "0.17.1",
        "0.17.2",
        "0.18.0",
        "0.18.1",
        "0.19.0",
        "0.19.1",
        "0.2",
        "0.20.0",
        "0.21.0",
        "0.22.0",
        "0.22.1",
        "0.22.2",
        "0.23.0",
        "0.24.0",
        "0.24.1",
        "0.24.2",
        "0.24.3",
        "0.25.0",
        "0.26.0",
        "0.26.1",
        "0.27.0",
        "0.28.0",
        "0.29.0",
        "0.3",
        "0.30.0",
        "0.31.0",
        "0.32.0",
        "0.33.0",
        "0.34.0",
        "0.35.0",
        "0.36.0",
        "0.37.0",
        "0.4",
        "0.40.0",
        "0.40.1",
        "0.41.0",
        "0.42.0",
        "0.43.0",
        "0.43.1",
        "0.43.2",
        "0.44.0",
        "0.45.0",
        "0.46.0",
        "0.47.0",
        "0.47.1",
        "0.47.2",
        "0.47.3",
        "0.47.4",
        "0.48.0",
        "0.48.1",
        "0.49.0",
        "0.5",
        "0.50.0",
        "0.50.1",
        "0.50.2",
        "0.51.0",
        "0.52.0",
        "0.52.1",
        "0.52.2",
        "0.53.0",
        "0.54.0",
        "0.55.0",
        "0.55.2",
        "0.56.0",
        "0.57.0",
        "0.57.1",
        "0.57.2",
        "0.57.3",
        "0.58.0",
        "0.59.0",
        "0.6",
        "0.60.0",
        "0.61.0",
        "0.62.0",
        "0.62.1",
        "0.63.0",
        "0.63.1",
        "0.64.0",
        "0.65.0",
        "0.65.1",
        "0.65.2",
        "0.66.0",
        "0.67.0",
        "0.67.1",
        "0.68.0",
        "0.68.1",
        "0.69.0",
        "0.69.1",
        "0.69.2",
        "0.7",
        "0.70.0",
        "0.71.0",
        "0.72.0",
        "0.73.0",
        "0.73.1",
        "0.74.0",
        "0.74.1",
        "0.75.0",
        "0.76.0",
        "0.77.0",
        "0.78.0",
        "0.79.0",
        "0.8",
        "0.8.2",
        "0.80.0",
        "0.81.0",
        "0.81.1",
        "0.82.0",
        "0.83.0",
        "0.84.0",
        "0.84.1",
        "0.84.2",
        "0.85.0",
        "0.85.1",
        "0.86.0",
        "0.87.0",
        "0.88.0",
        "0.89.0",
        "0.9.0",
        "1.0.0",
        "1.1.0",
        "1.10.0",
        "1.10.0rc1",
        "1.10.0rc2",
        "1.11.0",
        "1.11.0rc1",
        "1.11.1",
        "1.11.1rc1",
        "1.12.0",
        "1.12.0rc1",
        "1.12.0rc2",
        "1.12.1",
        "1.12.1rc1",
        "1.12.2",
        "1.12.2rc1",
        "1.12.2rc2",
        "1.13.0",
        "1.13.0rc1",
        "1.13.0rc2",
        "1.14.0",
        "1.14.0rc1",
        "1.14.1",
        "1.14.1rc1",
        "1.15.0",
        "1.15.1",
        "1.15.2",
        "1.15.2rc1",
        "1.16.0",
        "1.17.0",
        "1.18.0",
        "1.18.1",
        "1.18.1rc1",
        "1.19.0",
        "1.2.0",
        "1.20.0",
        "1.21.0",
        "1.22.0",
        "1.23.0",
        "1.23.1",
        "1.24.0",
        "1.24.1",
        "1.25.0",
        "1.26.0",
        "1.26.1",
        "1.27.0",
        "1.27.1",
        "1.27.2",
        "1.28.0",
        "1.28.1",
        "1.28.2",
        "1.29.0",
        "1.3.0",
        "1.3.1",
        "1.30.0",
        "1.31.0",
        "1.31.1",
        "1.32.0",
        "1.32.1",
        "1.32.2",
        "1.32.2rc1",
        "1.33.0",
        "1.34.0",
        "1.35.0",
        "1.36.0",
        "1.4.0",
        "1.5.0",
        "1.5.1",
        "1.6.0",
        "1.6.0rc3",
        "1.6.0rc4",
        "1.7.0",
        "1.8.0",
        "1.8.0rc1",
        "1.8.1",
        "1.8.1rc1",
        "1.9.0",
        "1.9.0rc1",
        "1.9.1",
        "1.9.1rc1",
        "1.9.1rc2",
        "1.9.2",
        "1.9.2rc1"
      ]
    }
  ],
  "aliases": [
    "CVE-2024-42474",
    "GHSA-rxff-vr5r-8cj5"
  ],
  "details": "Streamlit is a data oriented application development framework for python. Snowflake Streamlit open source addressed a security vulnerability via the static file sharing feature. Users of hosted Streamlit app(s) on Windows were vulnerable to a path traversal vulnerability when the static file sharing feature is enabled. An attacker could utilize the vulnerability to leak the password hash of the Windows user running Streamlit. The vulnerability was patched on Jul 25, 2024, as part of Streamlit open source version 1.37.0. The vulnerability only affects Windows.",
  "id": "PYSEC-2024-153",
  "modified": "2024-11-25T21:22:50.933853+00:00",
  "published": "2024-08-12T17:15:17+00:00",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/streamlit/streamlit/security/advisories/GHSA-rxff-vr5r-8cj5"
    },
    {
      "type": "FIX",
      "url": "https://github.com/streamlit/streamlit/commit/3a639859cfdfba2187c81897d44a3e33825eb0a3"
    }
  ],
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

cve-2024-42474

Vulnerability from cvelistv5

Published

2024-08-12 17:01

Modified

2024-08-12 19:28

Severity ?

5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N

Summary

References

▼	URL	Tags
	https://github.com/streamlit/streamlit/security/advisories/GHSA-rxff-vr5r-8cj5	x_refsource_CONFIRM
	https://github.com/streamlit/streamlit/commit/3a639859cfdfba2187c81897d44a3e33825eb0a3	x_refsource_MISC

Impacted products

Vendor

Product

Version

▼

streamlit

Version: < 1.37.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42474",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-12T19:27:54.309045Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-12T19:28:13.750Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "streamlit",
          "vendor": "streamlit",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.37.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Streamlit is a data oriented application development framework for python. Snowflake Streamlit open source addressed a security vulnerability via the static file sharing feature. Users of hosted Streamlit app(s) on Windows were vulnerable to a path traversal vulnerability when the static file sharing feature is enabled. An attacker could utilize the vulnerability to leak the password hash of the Windows user running Streamlit. The vulnerability was patched on Jul 25, 2024, as part of Streamlit open source version 1.37.0. The vulnerability only affects Windows."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-12T17:01:44.557Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/streamlit/streamlit/security/advisories/GHSA-rxff-vr5r-8cj5",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/streamlit/streamlit/security/advisories/GHSA-rxff-vr5r-8cj5"
        },
        {
          "name": "https://github.com/streamlit/streamlit/commit/3a639859cfdfba2187c81897d44a3e33825eb0a3",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/streamlit/streamlit/commit/3a639859cfdfba2187c81897d44a3e33825eb0a3"
        }
      ],
      "source": {
        "advisory": "GHSA-rxff-vr5r-8cj5",
        "discovery": "UNKNOWN"
      },
      "title": "Streamlit Path Traversal Security Vulnerability on Windows"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-42474",
    "datePublished": "2024-08-12T17:01:44.557Z",
    "dateReserved": "2024-08-02T14:13:04.615Z",
    "dateUpdated": "2024-08-12T19:28:13.750Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

ghsa-rxff-vr5r-8cj5

Vulnerability from github

Published

2024-08-12 18:35

Modified

2024-11-26 18:52

Severity ?

5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
6.0 (Medium) - CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Summary

Path traveral in Streamlit on windows

Details

1. Impacted Products

Streamilt Open Source versions before 1.37.0.

2. Introduction

Snowflake Streamlit open source addressed a security vulnerability via the static file sharing feature. The vulnerability was patched on Jul 25, 2024, as part of Streamlit open source version 1.37.0. The vulnerability only affects Windows.

3. Path Traversal Vulnerability

3.1 Description

On May 12, 2024, Streamlit was informed via our bug bounty program about a path traversal vulnerability in the open source library. We fixed and merged a patch remediating the vulnerability on Jul 25, 2024. The issue was determined to be in the moderate severity range with a maximum CVSSv3 base score of 5.9

3.2 Scenarios and attack vector(s)

Users of hosted Streamlit app(s) on Windows were vulnerable to a path traversal vulnerability when the static file sharing feature is enabled. An attacker could utilize the vulnerability to leak the password hash of the Windows user running Streamlit.

3.3 Resolution

The vulnerability has been fixed in all Streamlit versions released since Jul 25, 2024. We recommend all users upgrade to Version 1.37.0.

4. Contact

Please contact security@snowflake.com if you have any questions regarding this advisory. If you discover a security vulnerability in one of our products or websites, please report the issue to HackerOne. For more information, please see our Vulnerability Disclosure Policy.

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "streamlit"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.37.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-42474"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-08-12T18:35:12Z",
    "nvd_published_at": "2024-08-12T17:15:17Z",
    "severity": "MODERATE"
  },
  "details": "### 1. Impacted Products\nStreamilt Open Source versions before 1.37.0.\n\n### 2. Introduction\nSnowflake Streamlit open source addressed a security vulnerability via the [static file sharing feature](https://docs.streamlit.io/develop/concepts/configuration/serving-static-files). The vulnerability was patched on Jul 25, 2024, as part of Streamlit open source version 1.37.0. The vulnerability only affects Windows.\n\n### 3. Path Traversal Vulnerability \n#### 3.1 Description\nOn May 12, 2024, Streamlit was informed via our bug bounty program about a path traversal vulnerability in the open source library. We fixed and merged a patch remediating the vulnerability on Jul 25, 2024. The issue was determined to be in the moderate severity range with a maximum CVSSv3 base score of [5.9](https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N)\n#### 3.2 Scenarios and attack vector(s)\nUsers of hosted Streamlit app(s) on Windows were vulnerable to a path traversal vulnerability when the [static file sharing feature](https://docs.streamlit.io/develop/concepts/configuration/serving-static-files) is enabled. An attacker could utilize the vulnerability to leak the password hash of the Windows user running Streamlit. \n#### 3.3 Resolution\nThe vulnerability has been fixed in all Streamlit versions released since Jul 25, 2024. We recommend all users upgrade to Version 1.37.0.\n\n### 4. Contact\nPlease contact security@snowflake.com if you have any questions regarding this advisory. If you discover a security vulnerability in one of our products or websites, please report the issue to HackerOne. For more information, please see our [Vulnerability Disclosure Policy](https://hackerone.com/snowflake?type=team).\n",
  "id": "GHSA-rxff-vr5r-8cj5",
  "modified": "2024-11-26T18:52:17Z",
  "published": "2024-08-12T18:35:12Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/streamlit/streamlit/security/advisories/GHSA-rxff-vr5r-8cj5"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42474"
    },
    {
      "type": "WEB",
      "url": "https://github.com/streamlit/streamlit/commit/3a639859cfdfba2187c81897d44a3e33825eb0a3"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/streamlit/PYSEC-2024-153.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/streamlit/streamlit"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Path traveral in Streamlit on windows"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

pysec-2024-153

Vulnerability from pysec

cve-2024-42474

Vulnerability from cvelistv5

ghsa-rxff-vr5r-8cj5

Vulnerability from github

1. Impacted Products

2. Introduction

3. Path Traversal Vulnerability

3.1 Description

3.2 Scenarios and attack vector(s)

3.3 Resolution

4. Contact

Tags

Sightings

Nomenclature