Vulnerability-Lookup

CVE-2020-5299 (GCVE-0-2020-5299)

Vulnerability from cvelistv5 – Published: 2020-06-03 22:00 – Updated: 2024-08-04 08:22

Title

Potential CSV Injection vector in OctoberCMS

Summary

In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, any users with the ability to modify any data that could eventually be exported as a CSV file from the `ImportExportController` could potentially introduce a CSV injection into the data to cause the generated CSV export file to be malicious. This requires attackers to achieve the following before a successful attack can be completed: 1. Have found a vulnerability in the victims spreadsheet software of choice. 2. Control data that would potentially be exported through the `ImportExportController` by a theoretical victim. 3. Convince the victim to export above data as a CSV and run it in vulnerable spreadsheet software while also bypassing any sanity checks by said software. Issue has been patched in Build 466 (v1.0.466).

Severity ?

4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N

CWE

CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

Assigner

GitHub_M

References

URL

Tags

	https://github.com/octobercms/october/security/ad…	x_refsource_CONFIRM
	https://github.com/octobercms/library/commit/c84b…	x_refsource_MISC
	https://github.com/octobercms/october/commit/802d…	x_refsource_MISC
	http://packetstormsecurity.com/files/158730/Octob…	x_refsource_MISC
	http://seclists.org/fulldisclosure/2020/Aug/2	mailing-listx_refsource_FULLDISC

Impacted products

	Vendor	Product	Version
	octobercms	october	Affected: >= 1.0.319, < 1.0.466

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:22:09.179Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/octobercms/october/security/advisories/GHSA-4rhm-m2fp-hx7q"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/octobercms/library/commit/c84bf03f506052c848f2fddc05f24be631427a1a"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/octobercms/october/commit/802d8c8e09a2b342649393edb6d3ceb958851484"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/158730/October-CMS-Build-465-XSS-File-Read-File-Deletion-CSV-Injection.html"
          },
          {
            "name": "20200804 October CMS \u003c= Build 465 Multiple Vulnerabilities - Arbitrary File Read",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2020/Aug/2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "october",
          "vendor": "octobercms",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 1.0.319, \u003c 1.0.466"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, any users with the ability to modify any data that could eventually be exported as a CSV file from the `ImportExportController` could potentially introduce a CSV injection into the data to cause the generated CSV export file to be malicious. This requires attackers to achieve the following before a successful attack can be completed: 1. Have found a vulnerability in the victims spreadsheet software of choice. 2. Control data that would potentially be exported through the `ImportExportController` by a theoretical victim. 3. Convince the victim to export above data as a CSV and run it in vulnerable spreadsheet software while also bypassing any sanity checks by said software. Issue has been patched in Build 466 (v1.0.466)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-08-04T11:06:07.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/octobercms/october/security/advisories/GHSA-4rhm-m2fp-hx7q"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/octobercms/library/commit/c84bf03f506052c848f2fddc05f24be631427a1a"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/octobercms/october/commit/802d8c8e09a2b342649393edb6d3ceb958851484"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/158730/October-CMS-Build-465-XSS-File-Read-File-Deletion-CSV-Injection.html"
        },
        {
          "name": "20200804 October CMS \u003c= Build 465 Multiple Vulnerabilities - Arbitrary File Read",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2020/Aug/2"
        }
      ],
      "source": {
        "advisory": "GHSA-4rhm-m2fp-hx7q",
        "discovery": "UNKNOWN"
      },
      "title": "Potential CSV Injection vector in OctoberCMS",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2020-5299",
          "STATE": "PUBLIC",
          "TITLE": "Potential CSV Injection vector in OctoberCMS"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "october",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003e= 1.0.319, \u003c 1.0.466"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "octobercms"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, any users with the ability to modify any data that could eventually be exported as a CSV file from the `ImportExportController` could potentially introduce a CSV injection into the data to cause the generated CSV export file to be malicious. This requires attackers to achieve the following before a successful attack can be completed: 1. Have found a vulnerability in the victims spreadsheet software of choice. 2. Control data that would potentially be exported through the `ImportExportController` by a theoretical victim. 3. Convince the victim to export above data as a CSV and run it in vulnerable spreadsheet software while also bypassing any sanity checks by said software. Issue has been patched in Build 466 (v1.0.466)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/octobercms/october/security/advisories/GHSA-4rhm-m2fp-hx7q",
              "refsource": "CONFIRM",
              "url": "https://github.com/octobercms/october/security/advisories/GHSA-4rhm-m2fp-hx7q"
            },
            {
              "name": "https://github.com/octobercms/library/commit/c84bf03f506052c848f2fddc05f24be631427a1a",
              "refsource": "MISC",
              "url": "https://github.com/octobercms/library/commit/c84bf03f506052c848f2fddc05f24be631427a1a"
            },
            {
              "name": "https://github.com/octobercms/october/commit/802d8c8e09a2b342649393edb6d3ceb958851484",
              "refsource": "MISC",
              "url": "https://github.com/octobercms/october/commit/802d8c8e09a2b342649393edb6d3ceb958851484"
            },
            {
              "name": "http://packetstormsecurity.com/files/158730/October-CMS-Build-465-XSS-File-Read-File-Deletion-CSV-Injection.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/158730/October-CMS-Build-465-XSS-File-Read-File-Deletion-CSV-Injection.html"
            },
            {
              "name": "20200804 October CMS \u003c= Build 465 Multiple Vulnerabilities - Arbitrary File Read",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2020/Aug/2"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-4rhm-m2fp-hx7q",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2020-5299",
    "datePublished": "2020-06-03T22:00:18.000Z",
    "dateReserved": "2020-01-02T00:00:00.000Z",
    "dateUpdated": "2024-08-04T08:22:09.179Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GSD-2020-5299

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2020-5299

Aliases

CVE-2020-5299

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-5299",
    "description": "In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, any users with the ability to modify any data that could eventually be exported as a CSV file from the `ImportExportController` could potentially introduce a CSV injection into the data to cause the generated CSV export file to be malicious. This requires attackers to achieve the following before a successful attack can be completed: 1. Have found a vulnerability in the victims spreadsheet software of choice. 2. Control data that would potentially be exported through the `ImportExportController` by a theoretical victim. 3. Convince the victim to export above data as a CSV and run it in vulnerable spreadsheet software while also bypassing any sanity checks by said software. Issue has been patched in Build 466 (v1.0.466).",
    "id": "GSD-2020-5299",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2020-5299"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-5299"
      ],
      "details": "In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, any users with the ability to modify any data that could eventually be exported as a CSV file from the `ImportExportController` could potentially introduce a CSV injection into the data to cause the generated CSV export file to be malicious. This requires attackers to achieve the following before a successful attack can be completed: 1. Have found a vulnerability in the victims spreadsheet software of choice. 2. Control data that would potentially be exported through the `ImportExportController` by a theoretical victim. 3. Convince the victim to export above data as a CSV and run it in vulnerable spreadsheet software while also bypassing any sanity checks by said software. Issue has been patched in Build 466 (v1.0.466).",
      "id": "GSD-2020-5299",
      "modified": "2023-12-13T01:22:03.386328Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2020-5299",
        "STATE": "PUBLIC",
        "TITLE": "Potential CSV Injection vector in OctoberCMS"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "october",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "\u003e= 1.0.319, \u003c 1.0.466"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "octobercms"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, any users with the ability to modify any data that could eventually be exported as a CSV file from the `ImportExportController` could potentially introduce a CSV injection into the data to cause the generated CSV export file to be malicious. This requires attackers to achieve the following before a successful attack can be completed: 1. Have found a vulnerability in the victims spreadsheet software of choice. 2. Control data that would potentially be exported through the `ImportExportController` by a theoretical victim. 3. Convince the victim to export above data as a CSV and run it in vulnerable spreadsheet software while also bypassing any sanity checks by said software. Issue has been patched in Build 466 (v1.0.466)."
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/octobercms/october/security/advisories/GHSA-4rhm-m2fp-hx7q",
            "refsource": "CONFIRM",
            "url": "https://github.com/octobercms/october/security/advisories/GHSA-4rhm-m2fp-hx7q"
          },
          {
            "name": "https://github.com/octobercms/library/commit/c84bf03f506052c848f2fddc05f24be631427a1a",
            "refsource": "MISC",
            "url": "https://github.com/octobercms/library/commit/c84bf03f506052c848f2fddc05f24be631427a1a"
          },
          {
            "name": "https://github.com/octobercms/october/commit/802d8c8e09a2b342649393edb6d3ceb958851484",
            "refsource": "MISC",
            "url": "https://github.com/octobercms/october/commit/802d8c8e09a2b342649393edb6d3ceb958851484"
          },
          {
            "name": "http://packetstormsecurity.com/files/158730/October-CMS-Build-465-XSS-File-Read-File-Deletion-CSV-Injection.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/158730/October-CMS-Build-465-XSS-File-Read-File-Deletion-CSV-Injection.html"
          },
          {
            "name": "20200804 October CMS \u003c= Build 465 Multiple Vulnerabilities - Arbitrary File Read",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2020/Aug/2"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-4rhm-m2fp-hx7q",
        "discovery": "UNKNOWN"
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003e=1.0.319,\u003c1.0.466",
          "affected_versions": "All versions starting from 1.0.319 before 1.0.466",
          "cvss_v2": "AV:N/AC:H/Au:S/C:P/I:P/A:P",
          "cvss_v3": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L",
          "cwe_ids": [
            "CWE-1035",
            "CWE-77",
            "CWE-937"
          ],
          "date": "2021-03-04",
          "description": "In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, any users with the ability to modify any data that could eventually be exported as a CSV file from the `ImportExportController` could potentially introduce a CSV injection into the data to cause the generated CSV export file to be malicious. This requires attackers to achieve the following before a successful attack can be completed: 1. Have found a vulnerability in the victims spreadsheet software of choice. 2. Control data that would potentially be exported through the `ImportExportController` by a theoretical victim. 3. Convince the victim to export above data as a CSV and run it in vulnerable spreadsheet software while also bypassing any sanity checks by said software. Issue has been patched in Build 466 (v1.0.466).",
          "fixed_versions": [
            "1.0.466"
          ],
          "identifier": "CVE-2020-5299",
          "identifiers": [
            "GHSA-4rhm-m2fp-hx7q",
            "CVE-2020-5299"
          ],
          "not_impacted": "All versions before 1.0.319, all versions starting from 1.0.466",
          "package_slug": "packagist/october/backend",
          "pubdate": "2020-06-03",
          "solution": "Upgrade to version 1.0.466 or above.",
          "title": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
          "urls": [
            "https://github.com/octobercms/october/security/advisories/GHSA-4rhm-m2fp-hx7q",
            "https://github.com/octobercms/library/commit/c84bf03f506052c848f2fddc05f24be631427a1a",
            "https://github.com/octobercms/october/commit/802d8c8e09a2b342649393edb6d3ceb958851484",
            "https://nvd.nist.gov/vuln/detail/CVE-2020-5299",
            "http://packetstormsecurity.com/files/158730/October-CMS-Build-465-XSS-File-Read-File-Deletion-CSV-Injection.html",
            "http://seclists.org/fulldisclosure/2020/Aug/2",
            "https://github.com/advisories/GHSA-4rhm-m2fp-hx7q"
          ],
          "uuid": "9a5b88c2-96be-46ea-9cf7-d2230ac5e9f9"
        },
        {
          "affected_range": "\u003e=1.0.319,\u003c1.0.466",
          "affected_versions": "All versions starting from 1.0.319 before 1.0.466",
          "cvss_v2": "AV:N/AC:H/Au:S/C:P/I:P/A:P",
          "cvss_v3": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L",
          "cwe_ids": [
            "CWE-1035",
            "CWE-77",
            "CWE-937"
          ],
          "date": "2020-08-04",
          "description": "In OctoberCMS, any users with the ability to modify any data that could eventually be exported as a CSV file from the `ImportExportController` could potentially introduce a CSV injection into the data to cause the generated CSV export file to be malicious. This requires attackers to achieve the following before a successful attack can be completed: Have found a vulnerability in the victim\u0027s spreadsheet software of choice. Control data that would potentially be exported through the `ImportExportController` by a theoretical victim. Convince the victim to export above data as a CSV and run it in vulnerable spreadsheet software while also bypassing any sanity checks by said software.",
          "fixed_versions": [
            "1.0.466"
          ],
          "identifier": "CVE-2020-5299",
          "identifiers": [
            "CVE-2020-5299",
            "GHSA-4rhm-m2fp-hx7q"
          ],
          "not_impacted": "All versions before 1.0.319, all versions starting from 1.0.466",
          "package_slug": "packagist/october/october",
          "pubdate": "2020-06-03",
          "solution": "Upgrade to version 1.0.466 or above.",
          "title": "Command Injection",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2020-5299"
          ],
          "uuid": "72a5a8ef-3ab5-478e-90eb-b6e93688a7ef"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:octobercms:october:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.0.466",
                "versionStartIncluding": "1.0.319",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2020-5299"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, any users with the ability to modify any data that could eventually be exported as a CSV file from the `ImportExportController` could potentially introduce a CSV injection into the data to cause the generated CSV export file to be malicious. This requires attackers to achieve the following before a successful attack can be completed: 1. Have found a vulnerability in the victims spreadsheet software of choice. 2. Control data that would potentially be exported through the `ImportExportController` by a theoretical victim. 3. Convince the victim to export above data as a CSV and run it in vulnerable spreadsheet software while also bypassing any sanity checks by said software. Issue has been patched in Build 466 (v1.0.466)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-77"
                },
                {
                  "lang": "en",
                  "value": "CWE-77"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/octobercms/october/security/advisories/GHSA-4rhm-m2fp-hx7q",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/octobercms/october/security/advisories/GHSA-4rhm-m2fp-hx7q"
            },
            {
              "name": "https://github.com/octobercms/october/commit/802d8c8e09a2b342649393edb6d3ceb958851484",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/octobercms/october/commit/802d8c8e09a2b342649393edb6d3ceb958851484"
            },
            {
              "name": "https://github.com/octobercms/library/commit/c84bf03f506052c848f2fddc05f24be631427a1a",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/octobercms/library/commit/c84bf03f506052c848f2fddc05f24be631427a1a"
            },
            {
              "name": "http://packetstormsecurity.com/files/158730/October-CMS-Build-465-XSS-File-Read-File-Deletion-CSV-Injection.html",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://packetstormsecurity.com/files/158730/October-CMS-Build-465-XSS-File-Read-File-Deletion-CSV-Injection.html"
            },
            {
              "name": "20200804 October CMS \u003c= Build 465 Multiple Vulnerabilities - Arbitrary File Read",
              "refsource": "FULLDISC",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://seclists.org/fulldisclosure/2020/Aug/2"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L",
            "version": "3.1"
          },
          "exploitabilityScore": 1.0,
          "impactScore": 3.7
        }
      },
      "lastModifiedDate": "2022-06-30T14:46Z",
      "publishedDate": "2020-06-03T22:15Z"
    }
  }
}

FKIE_CVE-2020-5299

Vulnerability from fkie_nvd - Published: 2020-06-03 22:15 - Updated: 2024-11-21 05:33

Severity ?

4.0 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N
5.1 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L

Summary

References

URL	Tags
security-advisories@github.com	http://packetstormsecurity.com/files/158730/October-CMS-Build-465-XSS-File-Read-File-Deletion-CSV-Injection.html	Third Party Advisory, VDB Entry
security-advisories@github.com	http://seclists.org/fulldisclosure/2020/Aug/2	Mailing List, Third Party Advisory
security-advisories@github.com	https://github.com/octobercms/library/commit/c84bf03f506052c848f2fddc05f24be631427a1a	Patch, Third Party Advisory
security-advisories@github.com	https://github.com/octobercms/october/commit/802d8c8e09a2b342649393edb6d3ceb958851484	Patch, Third Party Advisory
security-advisories@github.com	https://github.com/octobercms/october/security/advisories/GHSA-4rhm-m2fp-hx7q	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/158730/October-CMS-Build-465-XSS-File-Read-File-Deletion-CSV-Injection.html	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2020/Aug/2	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/octobercms/library/commit/c84bf03f506052c848f2fddc05f24be631427a1a	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/octobercms/october/commit/802d8c8e09a2b342649393edb6d3ceb958851484	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/octobercms/october/security/advisories/GHSA-4rhm-m2fp-hx7q	Patch, Third Party Advisory

Impacted products

	Vendor	Product	Version
	octobercms	october	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:octobercms:october:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3FE9FB6-7669-4FDA-8099-2953B2E0B15C",
              "versionEndExcluding": "1.0.466",
              "versionStartIncluding": "1.0.319",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, any users with the ability to modify any data that could eventually be exported as a CSV file from the `ImportExportController` could potentially introduce a CSV injection into the data to cause the generated CSV export file to be malicious. This requires attackers to achieve the following before a successful attack can be completed: 1. Have found a vulnerability in the victims spreadsheet software of choice. 2. Control data that would potentially be exported through the `ImportExportController` by a theoretical victim. 3. Convince the victim to export above data as a CSV and run it in vulnerable spreadsheet software while also bypassing any sanity checks by said software. Issue has been patched in Build 466 (v1.0.466)."
    },
    {
      "lang": "es",
      "value": "En OctoberCMS (paquete de compositor october/october) versiones desde 1.0.319 y anteriores a 1.0.466, cualquier usuario con la capacidad de modificar cualquier informaci\u00f3n que eventualmente podr\u00eda ser exportada como un archivo CSV desde la funci\u00f3n \"ImportExportController\" podr\u00eda introducir potencialmente una inyecci\u00f3n CSV en los datos para causar que el archivo de exportaci\u00f3n CSV generado sea malicioso. Esto requiere que atacantes logren lo siguiente antes de que se pueda completar un ataque exitoso: 1. Han encontrado una vulnerabilidad en el software de hoja de c\u00e1lculo de las v\u00edctimas de elecci\u00f3n. 2. Los datos de control que podr\u00edan potencialmente ser exportados por medio de la funci\u00f3n \"ImportExportController\" por parte una v\u00edctima te\u00f3rica. 3. Convencer a la v\u00edctima para exportar datos anteriores como un CSV y ejecutarlos en un software de hoja de c\u00e1lculo vulnerable, mientras que tambi\u00e9n al omitir cualquier comprobaci\u00f3n de sanidad para dicho software. El problema ha sido parcheado en el Build 466 (versi\u00f3n v1.0.466)"
    }
  ],
  "id": "CVE-2020-5299",
  "lastModified": "2024-11-21T05:33:51.790",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 2.7,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 3.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-06-03T22:15:11.957",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/158730/October-CMS-Build-465-XSS-File-Read-File-Deletion-CSV-Injection.html"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2020/Aug/2"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/octobercms/library/commit/c84bf03f506052c848f2fddc05f24be631427a1a"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/octobercms/october/commit/802d8c8e09a2b342649393edb6d3ceb958851484"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/octobercms/october/security/advisories/GHSA-4rhm-m2fp-hx7q"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/158730/October-CMS-Build-465-XSS-File-Read-File-Deletion-CSV-Injection.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2020/Aug/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/octobercms/library/commit/c84bf03f506052c848f2fddc05f24be631427a1a"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/octobercms/october/commit/802d8c8e09a2b342649393edb6d3ceb958851484"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/octobercms/october/security/advisories/GHSA-4rhm-m2fp-hx7q"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-4RHM-M2FP-HX7Q

Vulnerability from github – Published: 2020-06-03 21:58 – Updated: 2021-03-04 18:26

Summary

Potential CSV Injection vector in OctoberCMS

Details

Impact

Any users with the ability to modify any data that could eventually be exported as a CSV file from the ImportExportController could potentially introduce a CSV injection into the data to cause the generated CSV export file to be malicious. This requires attackers to achieve the following before a successful attack can be completed:

Have found a vulnerability in the victim's spreadsheet software of choice.
Control data that would potentially be exported through the ImportExportController by a theoretical victim.
Convince the victim to export above data as a CSV and run it in vulnerable spreadsheet software while also bypassing any sanity checks by said software.

Patches

Issue has been patched in Build 466 (v1.0.466).

Workarounds

Apply https://github.com/octobercms/library/commit/c84bf03f506052c848f2fddc05f24be631427a1a & https://github.com/octobercms/october/commit/802d8c8e09a2b342649393edb6d3ceb958851484 to your installation manually if unable to upgrade to Build 466.

References

Reported by @chrisvidal initially & Sivanesh Ashok later.

For more information

If you have any questions or comments about this advisory: * Email us at hello@octobercms.com

Threat assessment:

Given the number of hoops that a potential attacker would have to jump through, this vulnerability really boils down to the possibility of abusing the trust that a user may have in the export functionality of the project. Thus, this has been rated low severity as it requires vulnerabilities to also exist in other software used by any potential victims as well as successful social engineering attacks.

Severity ?

4.0 (Medium)


                  
                    CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "october/backend"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.0.319"
            },
            {
              "fixed": "1.0.466"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-5299"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-77"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-03T21:26:57Z",
    "nvd_published_at": "2020-06-03T22:15:00Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nAny users with the ability to modify any data that could eventually be exported as a CSV file from the `ImportExportController` could potentially introduce a CSV injection into the data to cause the generated CSV export file to be malicious. This requires attackers to achieve the following before a successful attack can be completed: \n\n1. Have found a vulnerability in the victim\u0027s spreadsheet software of choice.\n2. Control data that would potentially be exported through the `ImportExportController` by a theoretical victim.\n3. Convince the victim to export above data as a CSV and run it in vulnerable spreadsheet software while also bypassing any sanity checks by said software.\n\n### Patches\nIssue has been patched in Build 466 (v1.0.466).\n\n### Workarounds\nApply https://github.com/octobercms/library/commit/c84bf03f506052c848f2fddc05f24be631427a1a \u0026 https://github.com/octobercms/october/commit/802d8c8e09a2b342649393edb6d3ceb958851484 to your installation manually if unable to upgrade to Build 466.\n\n### References\nReported by @chrisvidal initially \u0026 [Sivanesh Ashok](https://stazot.com/) later.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Email us at [hello@octobercms.com](mailto:hello@octobercms.com)\n\n### Threat assessment:\nGiven the number of hoops that a potential attacker would have to jump through, this vulnerability really boils down to the possibility of abusing the trust that a user may have in the export functionality of the project. Thus, this has been rated low severity as it requires vulnerabilities to also exist in other software used by any potential victims as well as successful social engineering attacks.",
  "id": "GHSA-4rhm-m2fp-hx7q",
  "modified": "2021-03-04T18:26:33Z",
  "published": "2020-06-03T21:58:35Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/octobercms/october/security/advisories/GHSA-4rhm-m2fp-hx7q"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5299"
    },
    {
      "type": "WEB",
      "url": "https://github.com/octobercms/library/commit/c84bf03f506052c848f2fddc05f24be631427a1a"
    },
    {
      "type": "WEB",
      "url": "https://github.com/octobercms/october/commit/802d8c8e09a2b342649393edb6d3ceb958851484"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/158730/October-CMS-Build-465-XSS-File-Read-File-Deletion-CSV-Injection.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2020/Aug/2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Potential CSV Injection vector in OctoberCMS"
}

CNVD-2020-38889

Vulnerability from cnvd - Published: 2020-07-15

Title

October CMS命令注入漏洞

Description

October CMS是一套基于PHP和Laravel Web应用程序框架的开源内容管理系统（CMS）。 October CMS（composer）1.0.319及之后版本（已在1.0.466版本中修复）中存在命令注入漏洞。该漏洞源于外部输入数据构造可执行命令过程中，网络系统或产品未正确过滤其中的特殊元素。攻击者可利用该漏洞执行非法命令。

Severity

中

Patch Name

October CMS命令注入漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://github.com/octobercms/october/security/advisories/GHSA-4rhm-m2fp-hx7q

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-5299

Impacted products

Name
October CMS October CMS >=1.0.319，<1.0.466

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-5299"
    }
  },
  "description": "October CMS\u662f\u4e00\u5957\u57fa\u4e8ePHP\u548cLaravel Web\u5e94\u7528\u7a0b\u5e8f\u6846\u67b6\u7684\u5f00\u6e90\u5185\u5bb9\u7ba1\u7406\u7cfb\u7edf\uff08CMS\uff09\u3002\n\nOctober CMS\uff08composer\uff091.0.319\u53ca\u4e4b\u540e\u7248\u672c\uff08\u5df2\u57281.0.466\u7248\u672c\u4e2d\u4fee\u590d\uff09\u4e2d\u5b58\u5728\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5916\u90e8\u8f93\u5165\u6570\u636e\u6784\u9020\u53ef\u6267\u884c\u547d\u4ee4\u8fc7\u7a0b\u4e2d\uff0c\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u672a\u6b63\u786e\u8fc7\u6ee4\u5176\u4e2d\u7684\u7279\u6b8a\u5143\u7d20\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u975e\u6cd5\u547d\u4ee4\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://github.com/octobercms/october/security/advisories/GHSA-4rhm-m2fp-hx7q",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-38889",
  "openTime": "2020-07-15",
  "patchDescription": "October CMS\u662f\u4e00\u5957\u57fa\u4e8ePHP\u548cLaravel Web\u5e94\u7528\u7a0b\u5e8f\u6846\u67b6\u7684\u5f00\u6e90\u5185\u5bb9\u7ba1\u7406\u7cfb\u7edf\uff08CMS\uff09\u3002\r\n\r\nOctober CMS\uff08composer\uff091.0.319\u53ca\u4e4b\u540e\u7248\u672c\uff08\u5df2\u57281.0.466\u7248\u672c\u4e2d\u4fee\u590d\uff09\u4e2d\u5b58\u5728\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5916\u90e8\u8f93\u5165\u6570\u636e\u6784\u9020\u53ef\u6267\u884c\u547d\u4ee4\u8fc7\u7a0b\u4e2d\uff0c\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u672a\u6b63\u786e\u8fc7\u6ee4\u5176\u4e2d\u7684\u7279\u6b8a\u5143\u7d20\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u975e\u6cd5\u547d\u4ee4\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "October CMS\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "October CMS October CMS \u003e=1.0.319\uff0c\u003c1.0.466"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-5299",
  "serverity": "\u4e2d",
  "submitTime": "2020-06-04",
  "title": "October CMS\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-5299 (GCVE-0-2020-5299)

GSD-2020-5299

FKIE_CVE-2020-5299

GHSA-4RHM-M2FP-HX7Q

Impact

Patches

Workarounds

References

For more information

Threat assessment:

CNVD-2020-38889

Tags

Sightings

Nomenclature