mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 09:11:28 +00:00
289 lines
11 KiB
JSON
289 lines
11 KiB
JSON
{
|
|
"id": "CVE-2020-36326",
|
|
"sourceIdentifier": "cve@mitre.org",
|
|
"published": "2021-04-28T03:15:07.400",
|
|
"lastModified": "2024-11-21T05:29:17.330",
|
|
"vulnStatus": "Modified",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Deserialization via addAttachment with a UNC pathname. NOTE: this is similar to CVE-2018-19296, but arose because 6.1.8 fixed a functionality problem in which UNC pathnames were always considered unreadable by PHPMailer, even in safe contexts. As an unintended side effect, this fix eliminated the code that blocked addAttachment exploitation."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "PHPMailer versi\u00f3n 6.1.8 hasta la versi\u00f3n 6.4.0 permite la inyecci\u00f3n de objetos a trav\u00e9s de Phar Deserialization v\u00eda addAttachment con un nombre de ruta UNC. NOTA: esto es similar a CVE-2018-19296, pero surgi\u00f3 porque la versi\u00f3n 6.1.8 corrigi\u00f3 un problema de funcionalidad en el que los nombres de ruta UNC siempre se consideraban ilegibles por PHPMailer, incluso en contextos seguros. Como efecto secundario no intencionado, esta correcci\u00f3n elimin\u00f3 el c\u00f3digo que bloqueaba la explotaci\u00f3n de addAttachment"
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
|
"baseScore": 9.8,
|
|
"baseSeverity": "CRITICAL",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "HIGH"
|
|
},
|
|
"exploitabilityScore": 3.9,
|
|
"impactScore": 5.9
|
|
}
|
|
],
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
|
|
"baseScore": 7.5,
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "LOW",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "PARTIAL",
|
|
"integrityImpact": "PARTIAL",
|
|
"availabilityImpact": "PARTIAL"
|
|
},
|
|
"baseSeverity": "HIGH",
|
|
"exploitabilityScore": 10.0,
|
|
"impactScore": 6.4,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-502"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:phpmailer_project:phpmailer:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "6.1.8",
|
|
"versionEndIncluding": "6.4.0",
|
|
"matchCriteriaId": "5E408867-E88B-4359-A288-4EFB791D0078"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "3.7",
|
|
"versionEndExcluding": "3.7.36",
|
|
"matchCriteriaId": "D7107F37-08EA-4338-8C02-72AF08A65160"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "3.8",
|
|
"versionEndExcluding": "3.8.36",
|
|
"matchCriteriaId": "6AC1DE0D-A45C-481F-BB86-90B0EE362DF2"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "3.9",
|
|
"versionEndExcluding": "3.9.34",
|
|
"matchCriteriaId": "D868EAD0-A15B-4DA6-8083-DF59B0F76F3D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "4.0",
|
|
"versionEndExcluding": "4.0.33",
|
|
"matchCriteriaId": "16565DA9-2069-4E4C-93B6-1A770D4FAFF0"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "4.1",
|
|
"versionEndExcluding": "4.1.33",
|
|
"matchCriteriaId": "838ACC2C-7BFB-4F33-9C09-3169C71E058F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "4.2",
|
|
"versionEndExcluding": "4.2.30",
|
|
"matchCriteriaId": "9491276F-8D9B-451A-B127-7633C958B269"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "4.3",
|
|
"versionEndExcluding": "4.3.26",
|
|
"matchCriteriaId": "3A9E7881-CF97-47B9-A2D9-9C3FE15CC539"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "4.4",
|
|
"versionEndExcluding": "4.4.25",
|
|
"matchCriteriaId": "786BB974-B009-479F-9729-D03C0A8BA7BD"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "4.5",
|
|
"versionEndExcluding": "4.5.24",
|
|
"matchCriteriaId": "2BF5B2B8-242D-4370-8CB7-30B063A39CC2"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "4.6",
|
|
"versionEndExcluding": "4.6.21",
|
|
"matchCriteriaId": "75662A23-D9BB-4986-A2C1-4CD0D5D8C4CD"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "4.7",
|
|
"versionEndExcluding": "4.7.21",
|
|
"matchCriteriaId": "484017D5-2002-4701-91D2-13CB63BD5D2B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "4.8",
|
|
"versionEndExcluding": "4.8.17",
|
|
"matchCriteriaId": "FB2A8F54-BA4C-433F-A50B-EFB430810D94"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "4.9",
|
|
"versionEndExcluding": "4.9.18",
|
|
"matchCriteriaId": "CABB1071-DA21-4334-B1EC-64A1F144F563"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "5.0",
|
|
"versionEndExcluding": "5.0.13",
|
|
"matchCriteriaId": "3409E74E-8229-47D3-BC4D-F9B59EEC26CB"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "5.1",
|
|
"versionEndExcluding": "5.1.10",
|
|
"matchCriteriaId": "B41B2EA6-0370-4DE9-B756-21DE60DADE59"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "5.2",
|
|
"versionEndExcluding": "5.2.11",
|
|
"matchCriteriaId": "927FCECA-558B-4BFF-8FEF-D9DAA0E99567"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "5.3",
|
|
"versionEndExcluding": "5.3.8",
|
|
"matchCriteriaId": "15E187EB-396C-4BEA-AD0C-B2042A2BCEC8"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "5.4",
|
|
"versionEndExcluding": "5.4.6",
|
|
"matchCriteriaId": "C7B4B6D8-7B29-4ABF-B028-5F31AFF908FF"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "5.5",
|
|
"versionEndExcluding": "5.5.5",
|
|
"matchCriteriaId": "F76762A1-14B1-410A-B2DF-1EFCEFA7FD8A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "5.6",
|
|
"versionEndExcluding": "5.6.4",
|
|
"matchCriteriaId": "B8327B3F-394E-4EE4-B197-1325181C2654"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "5.7",
|
|
"versionEndExcluding": "5.7.2",
|
|
"matchCriteriaId": "2988ED95-7821-4396-9D51-D80054FE57F5"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://github.com/PHPMailer/PHPMailer/commit/e2e07a355ee8ff36aba21d0242c5950c56e4c6f9",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Patch",
|
|
"Third Party Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3B5WDPGUFNPG4NAZ6G4BZX43BKLAVA5B/",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KPU66INRFY5BQ3ESVPRUXJR4DXQAFJVT/",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "https://github.com/PHPMailer/PHPMailer/commit/e2e07a355ee8ff36aba21d0242c5950c56e4c6f9",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Patch",
|
|
"Third Party Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3B5WDPGUFNPG4NAZ6G4BZX43BKLAVA5B/",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KPU66INRFY5BQ3ESVPRUXJR4DXQAFJVT/",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
}
|
|
]
|
|
} |