nvd-json-data-feeds/CVE-2022/CVE-2022-310xx/CVE-2022-31041.json

{
  "id": "CVE-2022-31041",
  "sourceIdentifier": "security-advisories@github.com",
  "published": "2022-06-13T13:15:13.667",
  "lastModified": "2024-11-21T07:03:46.203",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Open Forms is an application for creating and publishing smart forms. Open Forms supports file uploads as one of the form field types. These fields can be configured to allow only certain file extensions to be uploaded by end users (e.g. only PDF / Excel / ...). The input validation of uploaded files is insufficient in versions prior to 1.0.9 and 1.1.1. Users could alter or strip file extensions to bypass this validation. This results in files being uploaded to the server that are of a different file type than indicated by the file name extension. These files may be downloaded (manually or automatically) by staff and/or other applications for further processing. Malicious files can therefore find their way into internal/trusted networks. Versions 1.0.9 and 1.1.1 contain patches for this issue. As a workaround, an API gateway or intrusion detection solution in front of open-forms may be able to scan for and block malicious content before it reaches the Open Forms application."
    },
    {
      "lang": "es",
      "value": "Open Forms es una aplicaci\u00f3n para crear y publicar formularios inteligentes. Open Forms admite la carga de archivos como uno de los tipos de campo del formulario. Estos campos pueden configurarse para que los usuarios finales s\u00f3lo puedan cargar determinadas extensiones de archivo (por ejemplo, s\u00f3lo PDF / Excel / ...). La comprobaci\u00f3n de entrada de los archivos subidos es insuficiente en las versiones anteriores a 1.0.9 y 1.1.1. Los usuarios pod\u00edan alterar o eliminar las extensiones de los archivos para omitir esta comprobaci\u00f3n. Esto resulta en que sean subidos al servidor archivos que son de un tipo de archivo diferente al indicado por la extensi\u00f3n del nombre del archivo. Estos archivos pueden ser descargados (manual o autom\u00e1ticamente) por el personal y/o otras aplicaciones para su posterior procesamiento. Por lo tanto, los archivos maliciosos pueden encontrar su camino en las redes internas/confiables. Las versiones 1.0.9 y 1.1.1 contienen parches para este problema. Como mitigaci\u00f3n, una puerta de enlace de la API o una soluci\u00f3n de detecci\u00f3n de intrusos frente a Open Forms puede ser capaz de escanear y bloquear el contenido malicioso antes de que llegue a la aplicaci\u00f3n Open Forms"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "security-advisories@github.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
          "baseScore": 7.6,
          "baseSeverity": "HIGH",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "HIGH",
          "availabilityImpact": "LOW"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 4.7
      },
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "availabilityImpact": "NONE"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "baseScore": 4.0,
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "SINGLE",
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "NONE"
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "security-advisories@github.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        },
        {
          "lang": "en",
          "value": "CWE-434"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:maykinmedia:open_forms:*:*:*:*:*:*:*:*",
              "versionEndExcluding": "1.0.9",
              "matchCriteriaId": "CC6562EA-A0C8-4C37-B556-E83242D34914"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:maykinmedia:open_forms:1.1.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "79EB5A82-12EA-4CF2-A9F3-3D36908D15AA"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:maykinmedia:open_forms:1.1.0:rc0:*:*:*:*:*:*",
              "matchCriteriaId": "3081AA3A-A8D5-4873-A97F-B9CB59B4F4D1"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:maykinmedia:open_forms:1.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "EB1F9D1E-B00F-4AEF-ACE6-F8FCDE75B3B6"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://github.com/open-formulieren/open-forms/commit/0978a29e821a7228c5d46c0527c3e925eb91b071",
      "source": "security-advisories@github.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://github.com/open-formulieren/open-forms/security/advisories/GHSA-h85r-xv4w-cg8g",
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://github.com/open-formulieren/open-forms/commit/0978a29e821a7228c5d46c0527c3e925eb91b071",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://github.com/open-formulieren/open-forms/security/advisories/GHSA-h85r-xv4w-cg8g",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ]
    }
  ]
}