Vulnerability-Lookup

CVE-2019-17636 (GCVE-0-2019-17636)

Vulnerability from cvelistv5 – Published: 2020-03-10 14:30 – Updated: 2024-08-05 01:47

Summary

In Eclipse Theia versions 0.3.9 through 0.15.0, one of the default pre-packaged Theia extensions is "Mini-Browser", published as "@theia/mini-browser" on npmjs.com. This extension, for its own needs, exposes a HTTP endpoint that allows to read the content of files on the host's filesystem, given their path, without restrictions on the requester's origin. This design is vulnerable to being exploited remotely through a DNS rebinding attack or a drive-by download of a carefully crafted exploit.

Severity ?

No CVSS data available.

CWE

CWE-345 - CWE: CWE-345: Insufficient Verification of Data Authenticity

Assigner

eclipse

References

URL

	Vendor	Product	Version
	The Eclipse Foundation	Eclipse Theia	Affected: 0.3.9 to 0.15.0

FKIE_CVE-2019-17636

Vulnerability from fkie_nvd - Published: 2020-03-10 15:15 - Updated: 2024-11-21 04:32

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Summary

References

	URL	Tags
	emo@eclipse.org	https://bugs.eclipse.org/bugs/show_bug.cgi?id=551747	Exploit, Issue Tracking, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://bugs.eclipse.org/bugs/show_bug.cgi?id=551747	Exploit, Issue Tracking, Vendor Advisory

Impacted products

	Vendor	Product	Version
	eclipse	theia	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:eclipse:theia:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F6DB8A4-6460-4D16-8F2D-80EF235DC616",
              "versionEndIncluding": "0.15.0",
              "versionStartIncluding": "0.3.9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Eclipse Theia versions 0.3.9 through 0.15.0, one of the default pre-packaged Theia extensions is \"Mini-Browser\", published as \"@theia/mini-browser\" on npmjs.com. This extension, for its own needs, exposes a HTTP endpoint that allows to read the content of files on the host\u0027s filesystem, given their path, without restrictions on the requester\u0027s origin. This design is vulnerable to being exploited remotely through a DNS rebinding attack or a drive-by download of a carefully crafted exploit."
    },
    {
      "lang": "es",
      "value": "En Eclipse Theia versiones 0.3.9 hasta la versi\u00f3n 0.15.0, una de las extensiones de Theia pre-empaquetadas predeterminadas es \"Mini-Browser\", publicada como \"@theia/mini-browser\" en npmjs.com. Esta extensi\u00f3n, para sus propias necesidades, expone un endpoint HTTP que permite leer el contenido de los archivos en el sistema de archivos del host, entregar su ruta, sin restricciones en el origen del solicitante. Este dise\u00f1o es vulnerable a ser explotado remotamente por medio de un ataque de tipo DNS rebinding o una descarga autom\u00e1tica de una explotaci\u00f3n cuidadosamente dise\u00f1ado."
    }
  ],
  "id": "CVE-2019-17636",
  "lastModified": "2024-11-21T04:32:40.590",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-03-10T15:15:16.073",
  "references": [
    {
      "source": "emo@eclipse.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=551747"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=551747"
    }
  ],
  "sourceIdentifier": "emo@eclipse.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-345"
        }
      ],
      "source": "emo@eclipse.org",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-345"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2019-17636

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2019-17636

Aliases

CVE-2019-17636

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-17636",
    "description": "In Eclipse Theia versions 0.3.9 through 0.15.0, one of the default pre-packaged Theia extensions is \"Mini-Browser\", published as \"@theia/mini-browser\" on npmjs.com. This extension, for its own needs, exposes a HTTP endpoint that allows to read the content of files on the host\u0027s filesystem, given their path, without restrictions on the requester\u0027s origin. This design is vulnerable to being exploited remotely through a DNS rebinding attack or a drive-by download of a carefully crafted exploit.",
    "id": "GSD-2019-17636"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-17636"
      ],
      "details": "In Eclipse Theia versions 0.3.9 through 0.15.0, one of the default pre-packaged Theia extensions is \"Mini-Browser\", published as \"@theia/mini-browser\" on npmjs.com. This extension, for its own needs, exposes a HTTP endpoint that allows to read the content of files on the host\u0027s filesystem, given their path, without restrictions on the requester\u0027s origin. This design is vulnerable to being exploited remotely through a DNS rebinding attack or a drive-by download of a carefully crafted exploit.",
      "id": "GSD-2019-17636",
      "modified": "2023-12-13T01:23:44.600997Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@eclipse.org",
        "ID": "CVE-2019-17636",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Eclipse Theia",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "0.3.9 to 0.15.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "The Eclipse Foundation"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In Eclipse Theia versions 0.3.9 through 0.15.0, one of the default pre-packaged Theia extensions is \"Mini-Browser\", published as \"@theia/mini-browser\" on npmjs.com. This extension, for its own needs, exposes a HTTP endpoint that allows to read the content of files on the host\u0027s filesystem, given their path, without restrictions on the requester\u0027s origin. This design is vulnerable to being exploited remotely through a DNS rebinding attack or a drive-by download of a carefully crafted exploit."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE: CWE-345: Insufficient Verification of Data Authenticity"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=551747",
            "refsource": "CONFIRM",
            "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=551747"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003e=0.3.9 \u003c0.16.0",
          "affected_versions": "All versions starting from 0.3.9 before 0.16.0",
          "cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-345",
            "CWE-937"
          ],
          "date": "2021-04-13",
          "description": "In Eclipse Theia versions 0.3.9 through 0.15.0, one of the default pre-packaged Theia extensions is \"Mini-Browser\", published as \"@theia/mini-browser\" on npmjs.com. This extension, for its own needs, exposes a HTTP endpoint that allows to read the content of files on the host\u0027s filesystem, given their path, without restrictions on the requester\u0027s origin. This design is vulnerable to being exploited remotely through a DNS rebinding attack or a drive-by download of a carefully crafted exploit.",
          "fixed_versions": [
            "0.16.0"
          ],
          "identifier": "CVE-2019-17636",
          "identifiers": [
            "GHSA-f7vx-j8mp-3h2x",
            "CVE-2019-17636"
          ],
          "not_impacted": "All versions before 0.3.9, all versions starting from 0.16.0",
          "package_slug": "npm/@theia/mini-browser",
          "pubdate": "2021-04-13",
          "solution": "Upgrade to version 0.16.0 or above.",
          "title": "Insufficient Verification of Data Authenticity",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2019-17636",
            "https://github.com/eclipse-theia/theia/pull/7205",
            "https://github.com/eclipse-theia/theia/commit/b212d07f915df1509180944ee3132714bc2636bf",
            "https://bugs.eclipse.org/bugs/show_bug.cgi?id=551747",
            "https://github.com/advisories/GHSA-f7vx-j8mp-3h2x"
          ],
          "uuid": "b4896097-0455-43ff-aeb3-9f00f1ec760c"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:eclipse:theia:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "0.15.0",
                "versionStartIncluding": "0.3.9",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@eclipse.org",
          "ID": "CVE-2019-17636"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "In Eclipse Theia versions 0.3.9 through 0.15.0, one of the default pre-packaged Theia extensions is \"Mini-Browser\", published as \"@theia/mini-browser\" on npmjs.com. This extension, for its own needs, exposes a HTTP endpoint that allows to read the content of files on the host\u0027s filesystem, given their path, without restrictions on the requester\u0027s origin. This design is vulnerable to being exploited remotely through a DNS rebinding attack or a drive-by download of a carefully crafted exploit."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-345"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=551747",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit",
                "Issue Tracking",
                "Vendor Advisory"
              ],
              "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=551747"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.2
        }
      },
      "lastModifiedDate": "2020-03-11T17:58Z",
      "publishedDate": "2020-03-10T15:15Z"
    }
  }
}

CNVD-2020-20709

Vulnerability from cnvd - Published: 2020-04-01

Title

Eclipse Theia数据伪造问题漏洞

Description

Eclipse Theia是Eclipse基金会的一套基于Visual Studio Code的用于桌面和Web应用程序的开源集成开发环境框架。 Eclipse Theia 0.3.9版本至0.15.0版本中存在数据伪造问题漏洞。远程攻击者可利用该漏洞读取主机文件系统上所指定路径下的文件内容。

Severity

高

Patch Name

Eclipse Theia数据伪造问题漏洞的补丁

Patch Description

Eclipse Theia是Eclipse基金会的一套基于Visual Studio Code的用于桌面和Web应用程序的开源集成开发环境框架。 Eclipse Theia 0.3.9版本至0.15.0版本中存在数据伪造问题漏洞。远程攻击者可利用该漏洞读取主机文件系统上所指定路径下的文件内容。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://bugs.eclipse.org/bugs/show_bug.cgi?id=551747

Reference

https://nvd.nist.gov/vuln/detail/CVE-2019-17636

Impacted products

Name
Eclipse Eclipse Theia >=0.3.9，<=0.15.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-17636",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-17636"
    }
  },
  "description": "Eclipse Theia\u662fEclipse\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u57fa\u4e8eVisual Studio Code\u7684\u7528\u4e8e\u684c\u9762\u548cWeb\u5e94\u7528\u7a0b\u5e8f\u7684\u5f00\u6e90\u96c6\u6210\u5f00\u53d1\u73af\u5883\u6846\u67b6\u3002\n\nEclipse Theia 0.3.9\u7248\u672c\u81f30.15.0\u7248\u672c\u4e2d\u5b58\u5728\u6570\u636e\u4f2a\u9020\u95ee\u9898\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bfb\u53d6\u4e3b\u673a\u6587\u4ef6\u7cfb\u7edf\u4e0a\u6240\u6307\u5b9a\u8def\u5f84\u4e0b\u7684\u6587\u4ef6\u5185\u5bb9\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://bugs.eclipse.org/bugs/show_bug.cgi?id=551747",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-20709",
  "openTime": "2020-04-01",
  "patchDescription": "Eclipse Theia\u662fEclipse\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u57fa\u4e8eVisual Studio Code\u7684\u7528\u4e8e\u684c\u9762\u548cWeb\u5e94\u7528\u7a0b\u5e8f\u7684\u5f00\u6e90\u96c6\u6210\u5f00\u53d1\u73af\u5883\u6846\u67b6\u3002\r\n\r\nEclipse Theia 0.3.9\u7248\u672c\u81f30.15.0\u7248\u672c\u4e2d\u5b58\u5728\u6570\u636e\u4f2a\u9020\u95ee\u9898\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bfb\u53d6\u4e3b\u673a\u6587\u4ef6\u7cfb\u7edf\u4e0a\u6240\u6307\u5b9a\u8def\u5f84\u4e0b\u7684\u6587\u4ef6\u5185\u5bb9\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Eclipse Theia\u6570\u636e\u4f2a\u9020\u95ee\u9898\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Eclipse Eclipse Theia \u003e=0.3.9\uff0c\u003c=0.15.0"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-17636",
  "serverity": "\u9ad8",
  "submitTime": "2020-03-24",
  "title": "Eclipse Theia\u6570\u636e\u4f2a\u9020\u95ee\u9898\u6f0f\u6d1e"
}

GHSA-F7VX-J8MP-3H2X

Vulnerability from github – Published: 2021-04-13 15:18 – Updated: 2021-03-29 22:11

Summary

Insufficient Verification of Data Authenticity in Eclipse Theia

Details

In Eclipse Theia versions 0.3.9 through 0.15.0, one of the default pre-packaged Theia extensions is "Mini-Browser", published as "@theia/mini-browser" on npmjs.com. This extension, for its own needs, exposes a HTTP endpoint that allows to read the content of files on the hosts filesystem, given their path, without restrictions on the requesters origin. This design is vulnerable to being exploited remotely through a DNS rebinding attack or a drive-by download of a carefully crafted exploit.

Severity ?

8.1 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "@theia/mini-browser"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.3.9"
            },
            {
              "fixed": "0.16.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2019-17636"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-345"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-03-29T22:11:05Z",
    "nvd_published_at": "2020-03-10T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "In Eclipse Theia versions 0.3.9 through 0.15.0, one of the default pre-packaged Theia extensions is \"Mini-Browser\", published as \"@theia/mini-browser\" on npmjs.com. This extension, for its own needs, exposes a HTTP endpoint that allows to read the content of files on the hosts filesystem, given their path, without restrictions on the requesters origin. This design is vulnerable to being exploited remotely through a DNS rebinding attack or a drive-by download of a carefully crafted exploit.",
  "id": "GHSA-f7vx-j8mp-3h2x",
  "modified": "2021-03-29T22:11:05Z",
  "published": "2021-04-13T15:18:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17636"
    },
    {
      "type": "WEB",
      "url": "https://github.com/eclipse-theia/theia/pull/7205"
    },
    {
      "type": "WEB",
      "url": "https://github.com/eclipse-theia/theia/commit/b212d07f915df1509180944ee3132714bc2636bf"
    },
    {
      "type": "WEB",
      "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=551747"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Insufficient Verification of Data Authenticity in Eclipse Theia"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-17636 (GCVE-0-2019-17636)

FKIE_CVE-2019-17636

GSD-2019-17636

CNVD-2020-20709

GHSA-F7VX-J8MP-3H2X

Tags

Sightings

Nomenclature