From 6689511e0b4fd52f6d87d5672f9b0e40579bde06 Mon Sep 17 00:00:00 2001
From: snyk-security-bot <66014823+snyk-security-bot@users.noreply.github.com>
Date: Fri, 17 Dec 2021 20:00:04 +0000
Subject: [PATCH] Adds CVE-2021-23814
---
 2021/23xxx/CVE-2021-23814.json | 80 ++++++++++++++++++++++++++++++++--
 1 file changed, 76 insertions(+), 4 deletions(-)
diff --git a/2021/23xxx/CVE-2021-23814.json b/2021/23xxx/CVE-2021-23814.json
index 4ed641292d1..842d7dada2d 100644
--- a/2021/23xxx/CVE-2021-23814.json
+++ b/2021/23xxx/CVE-2021-23814.json
@@ -3,16 +3,88 @@
 "data_format": "MITRE",
 "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "report@snyk.io",
+ "DATE_PUBLIC": "2021-12-17T20:00:01.811275Z",
 "ID": "CVE-2021-23814",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": "Arbitrary File Upload"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "unisharp/laravel-filemanager",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": ">=",
+ "version_value": "0.0.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Arbitrary File Upload"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "url": "https://snyk.io/vuln/SNYK-PHP-UNISHARPLARAVELFILEMANAGER-1567199"
+ },
+ {
+ "refsource": "CONFIRM",
+ "url": "https://github.com/UniSharp/laravel-filemanager/blob/master/src/Controllers/UploadController.php%23L26"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "This affects the package unisharp/laravel-filemanager from 0.0.0.\n The upload() function does not sufficiently validate the file type when uploading.\r\n\r\nAn attacker may be able to reproduce the following steps:\r\n\r\n- Install a package with a web Laravel application.\r\n- Navigate to the Upload window\r\n- Upload an image file, then capture the request\r\n- Edit the request contents with a malicious file (webshell)\r\n- Enter the path of file uploaded on URL - Remote Code Execution\r\n\r\n\r\n**Note: Prevention for bad extensions can be done by using a whitelist in the config file(lfm.php). 
Corresponding document can be found in the [here](https://unisharp.github.io/laravel-filemanager/configfolder-categories).\n"
 }
 ]
- }
+ },
+ "impact": {
+ "cvss": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L",
+ "baseScore": 6.7,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "LOW"
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Huy Nguyen"
+ }
+ ]
 }
\ No newline at end of file
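Review bot: The second entry in `reference_data` encodes the line anchor as `%23L26`, so the `#` is sent to the server as part of the path rather than as a fragment and the link does not land on line 26 of UploadController.php; it should read `"url": "https://github.com/UniSharp/laravel-filemanager/blob/master/src/Controllers/UploadController.php#L26"`, and preferably point at a specific commit instead of `master`, since the branch will stop showing the code this record describes once it is changed. The `description` value also mixes bare `\n` with `\r\n` and embeds Markdown (`**Note`, `[here](...)`) that plain-text CVE consumers will display verbatim, so normalizing the line breaks to `\n` and dropping the Markdown syntax would make it render consistently across feeds. The `affects` block records only `">="` `"0.0.0"` with no upper bound, which matches the description naming the `lfm.php` whitelist as the mitigation; if a fixed release exists it should be captured as a `"<"` entry so downstream scanners can mark patched versions as not affected.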