{ "id": "CVE-2017-14614", "sourceIdentifier": "cve@mitre.org", "published": "2017-10-10T01:30:21.907", "lastModified": "2017-11-05T23:01:00.730", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in the Visor GUI Console in GridGain before 1.7.16, 1.8.x before 1.8.12, 1.9.x before 1.9.7, and 8.x before 8.1.5 allows remote authenticated users to read arbitrary files on remote cluster nodes via a crafted path." }, { "lang": "es", "value": "Vulnerabilidad de salto de directorio en la consola Visor GUI de GridGain en versiones anteriores a la 1.7.16, versiones 1.8.x anteriores a la 1.8.12, versiones 1.9.x anteriores a la 1.9.7 y versiones 8.x anteriores a la 8.1.5 permite que usuarios autenticados remotos lean archivos arbitrarios en nodos de cl\u00faster remotos mediante una ruta manipulada." } ], "metrics": { "cvssMetricV30": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 2.8, "impactScore": 3.6 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 4.0 }, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-22" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:gridgain:gridgain:8.0.0:ea1:*:*:*:*:*:*", "matchCriteriaId": "EEE026BE-B861-45D6-948E-909BC374B03D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gridgain:gridgain:8.0.0:ea2:*:*:*:*:*:*", "matchCriteriaId": "567AE911-AABC-4367-8542-410079FED48A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gridgain:gridgain:8.0.0:ea3:*:*:*:*:*:*", "matchCriteriaId": "9C7656B1-21E9-4848-94F2-1E39B20E1A89" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gridgain:gridgain:8.0.0:ea4:*:*:*:*:*:*", "matchCriteriaId": "05A94CCD-E824-4D7C-BDF3-ACF945B291CB" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gridgain:gridgain:8.0.0:ea5:*:*:*:*:*:*", "matchCriteriaId": "55F832FC-F534-4DC9-9164-24B3F64C0900" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gridgain:gridgain:8.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "837DEF09-1970-47F8-91A2-BB99C86270A7" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gridgain:gridgain:8.0.1:ea1:*:*:*:*:*:*", "matchCriteriaId": "404FE7FF-F949-4ED4-8934-72877B9397A0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gridgain:gridgain:8.0.1:ea2:*:*:*:*:*:*", "matchCriteriaId": "68CBDF33-68BF-40C8-863E-FB28859C06D0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gridgain:gridgain:8.0.1:ea3:*:*:*:*:*:*", "matchCriteriaId": "5396510A-ABF4-44C8-B158-199289B2A49F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gridgain:gridgain:8.0.1:ea4:*:*:*:*:*:*", "matchCriteriaId": "0F8D9C68-5A63-4115-BF7B-9A618C3C4E89" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gridgain:gridgain:8.0.1:ea5:*:*:*:*:*:*", "matchCriteriaId": "4D9D01D4-7B55-48A3-B723-B5212DA7C614" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gridgain:gridgain:8.0.1:ea6:*:*:*:*:*:*", "matchCriteriaId": "D599A9AA-D7F1-4BAC-9912-FEFD20CF8F0A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gridgain:gridgain:8.0.1:ea7:*:*:*:*:*:*", "matchCriteriaId": "F13D33AF-3A67-4C1A-BF32-EC4D87E43B71" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gridgain:gridgain:8.0.1:ea8:*:*:*:*:*:*", "matchCriteriaId": "B2C02CD3-16E7-4D69-B88A-190B20C90AE5" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gridgain:gridgain:8.0.1:ea9:*:*:*:*:*:*", "matchCriteriaId": "5C9D3AE3-0AE1-4BC0-AB69-33470A59DBE0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gridgain:gridgain:8.0.2:ea1:*:*:*:*:*:*", "matchCriteriaId": "EF00818E-7760-48BC-B3BE-DB7ECE74548C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gridgain:gridgain:8.0.2:ea2:*:*:*:*:*:*", "matchCriteriaId": "67448CF4-086C-4E1C-9CB7-C858A4A2A26A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gridgain:gridgain:8.0.2:ea3:*:*:*:*:*:*", "matchCriteriaId": "FC4C7C75-A3B3-4C4B-B591-E8274CCBB11E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gridgain:gridgain:8.0.3:ea1:*:*:*:*:*:*", "matchCriteriaId": "9DA1ADF6-84C8-4E8D-89FA-64B8405EF6AB" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gridgain:gridgain:8.0.3:ea10:*:*:*:*:*:*", "matchCriteriaId": "454E3093-A1B0-4ADE-8502-AA20E29A1B30" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gridgain:gridgain:8.0.3:ea11:*:*:*:*:*:*", "matchCriteriaId": "9C9D21FD-630A-40A2-B926-38DE9B1B3F4E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gridgain:gridgain:8.0.3:ea12:*:*:*:*:*:*", "matchCriteriaId": "014A03DD-E456-49F6-904E-226AE6B6A4FF" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gridgain:gridgain:8.0.3:ea13:*:*:*:*:*:*", "matchCriteriaId": "AD8D2EE9-2975-42E5-9E9D-0EE0191E656A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gridgain:gridgain:8.0.3:ea14:*:*:*:*:*:*", "matchCriteriaId": "5EE5C6CB-B574-4E1D-B109-D791E0610681" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gridgain:gridgain:8.0.3:ea15:*:*:*:*:*:*", "matchCriteriaId": "75CA572A-040C-4EC2-B9C7-8B251B9773A2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gridgain:gridgain:8.0.3:ea16:*:*:*:*:*:*", "matchCriteriaId": "3C129537-040D-493C-950A-363753858D25" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gridgain:gridgain:8.0.3:ea2:*:*:*:*:*:*", "matchCriteriaId": "E48F248E-EF59-42D5-9EC5-5CB73FC597C2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gridgain:gridgain:8.0.3:ea3:*:*:*:*:*:*", "matchCriteriaId": "BF36FEA1-5043-4DE9-B0C6-E921B6BDBEFD" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gridgain:gridgain:8.0.3:ea4:*:*:*:*:*:*", "matchCriteriaId": "694C284B-FB35-4EEC-B5D2-47EFB797DEE2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gridgain:gridgain:8.0.3:ea5:*:*:*:*:*:*", "matchCriteriaId": "F6B57D14-EDA9-490E-A8DC-EB0F97FA1944" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gridgain:gridgain:8.0.3:ea6:*:*:*:*:*:*", "matchCriteriaId": "4465392E-3A19-44D4-9A94-06694C003166" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gridgain:gridgain:8.0.3:ea7:*:*:*:*:*:*", "matchCriteriaId": "D00BBEBF-4BA5-4900-9F26-D59D8E28CD8E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gridgain:gridgain:8.0.3:ea8:*:*:*:*:*:*", "matchCriteriaId": "1EBE292F-3E39-4003-A83E-729A80D1A2BE" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gridgain:gridgain:8.0.3:ea9:*:*:*:*:*:*", "matchCriteriaId": "F93FAE54-5BA1-4C0B-B60B-0AF2D53B991D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gridgain:gridgain:8.0.4:ea1:*:*:*:*:*:*", "matchCriteriaId": "11A753C1-A7D1-4350-BCB7-59C6F4ECA150" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gridgain:gridgain:8.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "E0669B37-D33A-43F2-B6DF-E103D3124EF0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gridgain:gridgain:8.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "82AE91AD-529D-4917-9E2D-45C0B9B44CE8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gridgain:gridgain:8.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "A6EF0C8F-6F7B-464D-92F3-84E056C0E8E3" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gridgain:gridgain:8.1.3:p1:*:*:*:*:*:*", "matchCriteriaId": "E7756B5B-9C0F-432B-9A3F-32024AAC452F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gridgain:gridgain:8.1.3:p2:*:*:*:*:*:*", "matchCriteriaId": "6478DCD7-140F-45D8-94AC-C4073E5790B0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gridgain:gridgain:8.1.3:p3:*:*:*:*:*:*", "matchCriteriaId": "FFFD1396-E045-4CCF-BF1F-7A631F4CD392" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gridgain:gridgain:8.1.3:p4:*:*:*:*:*:*", "matchCriteriaId": "374C883B-A463-4F06-BAF2-A5C8774A32E9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gridgain:gridgain:8.1.3:p5:*:*:*:*:*:*", "matchCriteriaId": "7C70AFDA-0E9A-4BC2-8018-1C94B259BCA2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gridgain:gridgain:8.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "25CAF1B8-7D55-47D6-8848-11A9679B8B76" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gridgain:gridgain:8.1.4:p1:*:*:*:*:*:*", "matchCriteriaId": "F516C9D0-C623-495D-BAC8-128E8773A5EC" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gridgain:gridgain:8.1.4:p2:*:*:*:*:*:*", "matchCriteriaId": "83059703-476C-4319-95CC-A1D2E786C003" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gridgain:gridgain:8.1.4:p3:*:*:*:*:*:*", "matchCriteriaId": "0A870CE2-787D-43C7-9245-644E71BBFFE6" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:gridgain:gridgain:1.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "AA0350A5-3515-4F32-8FD3-57E41A33FD9E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gridgain:gridgain:1.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "65B95F28-C70E-4330-91C7-6DD7D2668DBE" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gridgain:gridgain:1.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "101B7478-A7C7-4743-9A2F-BD42581603EC" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gridgain:gridgain:1.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "1084DE79-3480-4923-A97D-9E72ECCAB2D0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gridgain:gridgain:1.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "F647F0AB-C9AA-428E-873E-4D824CADC710" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gridgain:gridgain:1.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "D87992D8-B0EC-4447-8DA0-B7C9DC54983F" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:gridgain:gridgain:1.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "B1647DCC-E58C-4440-BEBD-C3E99427427F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gridgain:gridgain:1.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "72958D44-1C80-4DB3-90A7-2A110D428458" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gridgain:gridgain:1.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "7D1FDC52-6C37-47B6-B0F9-5E0B36A7CA8E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gridgain:gridgain:1.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "184592C2-FA6B-41ED-A9CF-04411B067890" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gridgain:gridgain:1.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "97BEF2F5-E451-474C-A989-4CC1C39B0FB8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gridgain:gridgain:1.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "358317C3-0549-4834-9B1D-7C86835553DE" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gridgain:gridgain:1.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "43C788A7-422E-4F50-B8DE-F350E3B15957" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gridgain:gridgain:1.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "14E77D43-C72C-45A0-98E0-0337210CCB05" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gridgain:gridgain:1.8.9:*:*:*:*:*:*:*", "matchCriteriaId": "C9493CF1-1F27-45BF-B005-232538E3FA09" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gridgain:gridgain:1.8.10:*:*:*:*:*:*:*", "matchCriteriaId": "D87160D9-0CBC-4835-88D9-B1D095F64D38" }, { "vulnerable": true, "criteria": "cpe:2.3:a:gridgain:gridgain:1.8.11:*:*:*:*:*:*:*", "matchCriteriaId": "444AD396-1D44-4477-8FAF-C6AAB113285F" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:gridgain:gridgain:*:*:*:*:*:*:*:*", "versionEndIncluding": "1.7.15", "matchCriteriaId": "1693679A-1AE5-4586-8908-F89D37F4425F" } ] } ] } ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2017/10/05/1", "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ] } ] }