nvd-json-data-feeds/CVE-2020/CVE-2020-151xx/CVE-2020-15135.json

{
  "id": "CVE-2020-15135",
  "sourceIdentifier": "security-advisories@github.com",
  "published": "2020-08-04T21:15:14.953",
  "lastModified": "2024-11-21T05:04:55.120",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "save-server (npm package) before version 1.05 is affected by a CSRF vulnerability, as there is no CSRF mitigation (Tokens etc.). The fix introduced in version version 1.05 unintentionally breaks uploading so version v1.0.7 is the fixed version. This is patched by implementing Double submit. The CSRF attack would require you to navigate to a malicious site while you have an active session with Save-Server (Session key stored in cookies). The malicious user would then be able to perform some actions, including uploading/deleting files and adding redirects. If you are logged in as root, this attack is significantly more severe. They can in addition create, delete and update users. If they updated the password of a user, that user's files would then be available. If the root password is updated, all files would be visible if they logged in with the new password. Note that due to the same origin policy malicious actors cannot view the gallery or the response of any of the methods, nor be sure they succeeded. This issue has been patched in version 1.0.7."
    },
    {
      "lang": "es",
      "value": "save-server (paquete npm) anterior a la versi\u00f3n 1.05, est\u00e1 afectada por una vulnerabilidad de tipo CSRF, ya que no hay mitigaci\u00f3n de CSRF (tokens, etc.). La correcci\u00f3n introducida en la versi\u00f3n 1.05 bloquea involuntariamente la carga, por lo que la versi\u00f3n v1.0.7 es la versi\u00f3n corregida. Esto es parcheado mediante la implementaci\u00f3n de env\u00edo Doble. El ataque de tipo CSRF requerir\u00eda que navegues en un sitio malicioso mientras tienes una sesi\u00f3n activa con Save-Server (clave de sesi\u00f3n almacenada en las cookies). El usuario malicioso podr\u00eda realizar algunas acciones, incluyendo la carga y eliminaci\u00f3n de archivos y la adici\u00f3n de redireccionamientos. Si ha iniciado sesi\u00f3n como root, este ataque es significativamente m\u00e1s severo. Adicionalmente, pueden crear, eliminar y actualizar usuarios. Si actualizaran la contrase\u00f1a de un usuario, los archivos de ese usuario estar\u00edan disponibles. Si se actualiza la contrase\u00f1a de root, todos los archivos ser\u00edan visibles si iniciaran sesi\u00f3n con la nueva contrase\u00f1a. Tome cuenta que debido a la pol\u00edtica del mismo origen, los actores maliciosos no pueden ver la galer\u00eda ni la respuesta de ninguno de los m\u00e9todos, ni asegurarse de que hayan tenido \u00e9xito. Este problema ha sido parcheado en la versi\u00f3n 1.0.7"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "security-advisories@github.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L",
          "baseScore": 6.7,
          "baseSeverity": "MEDIUM",
          "attackVector": "NETWORK",
          "attackComplexity": "HIGH",
          "privilegesRequired": "LOW",
          "userInteraction": "REQUIRED",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "LOW"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.5
      },
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L",
          "baseScore": 7.6,
          "baseSeverity": "HIGH",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "REQUIRED",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "LOW"
        },
        "exploitabilityScore": 2.1,
        "impactScore": 5.5
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "baseScore": 6.8,
          "accessVector": "NETWORK",
          "accessComplexity": "MEDIUM",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "PARTIAL"
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": true
      }
    ]
  },
  "weaknesses": [
    {
      "source": "security-advisories@github.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ]
    },
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:save-server_project:save-server:*:*:*:*:*:node.js:*:*",
              "versionEndExcluding": "1.0.5",
              "matchCriteriaId": "137FD172-368B-4855-AB15-7C7B24ECBF96"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://github.com/Neztore/save-server/security/advisories/GHSA-wwrj-35w6-77ff",
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://medium.com/cross-site-request-forgery-csrf/double-submit-cookie-pattern-65bb71d80d9f",
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://www.npmjs.com/package/save-server",
      "source": "security-advisories@github.com",
      "tags": [
        "Product",
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://github.com/Neztore/save-server/security/advisories/GHSA-wwrj-35w6-77ff",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://medium.com/cross-site-request-forgery-csrf/double-submit-cookie-pattern-65bb71d80d9f",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://www.npmjs.com/package/save-server",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product",
        "Third Party Advisory"
      ]
    }
  ]
}