Vulnerabilites related to firegiant - wix_toolset
CVE-2019-16511 (GCVE-0-2019-16511)
Vulnerability from cvelistv5
Published
2019-09-19 15:54
Modified
2024-08-05 01:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in DTF in FireGiant WiX Toolset before 3.11.2. Microsoft.Deployment.Compression.Cab.dll and Microsoft.Deployment.Compression.Zip.dll allow directory traversal during CAB or ZIP archive extraction, because the full name of an archive file (even with a ../ sequence) is concatenated with the destination path.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:17:40.836Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/wixtoolset/issues/issues/6075"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wixtoolset.org/development/wips/6075-dtf-zip-slip/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.firegiant.com/blog/2019/9/18/wix-v3.11.2-released/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/GitHubAssessments/CVE_Assessments_09_2019"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in DTF in FireGiant WiX Toolset before 3.11.2. Microsoft.Deployment.Compression.Cab.dll and Microsoft.Deployment.Compression.Zip.dll allow directory traversal during CAB or ZIP archive extraction, because the full name of an archive file (even with a ../ sequence) is concatenated with the destination path."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-04T17:53:06",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/wixtoolset/issues/issues/6075"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wixtoolset.org/development/wips/6075-dtf-zip-slip/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.firegiant.com/blog/2019/9/18/wix-v3.11.2-released/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/GitHubAssessments/CVE_Assessments_09_2019"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16511",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in DTF in FireGiant WiX Toolset before 3.11.2. Microsoft.Deployment.Compression.Cab.dll and Microsoft.Deployment.Compression.Zip.dll allow directory traversal during CAB or ZIP archive extraction, because the full name of an archive file (even with a ../ sequence) is concatenated with the destination path."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wixtoolset/issues/issues/6075",
"refsource": "MISC",
"url": "https://github.com/wixtoolset/issues/issues/6075"
},
{
"name": "https://wixtoolset.org/development/wips/6075-dtf-zip-slip/",
"refsource": "MISC",
"url": "https://wixtoolset.org/development/wips/6075-dtf-zip-slip/"
},
{
"name": "https://www.firegiant.com/blog/2019/9/18/wix-v3.11.2-released/",
"refsource": "MISC",
"url": "https://www.firegiant.com/blog/2019/9/18/wix-v3.11.2-released/"
},
{
"name": "https://github.com/GitHubAssessments/CVE_Assessments_09_2019",
"refsource": "MISC",
"url": "https://github.com/GitHubAssessments/CVE_Assessments_09_2019"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-16511",
"datePublished": "2019-09-19T15:54:04",
"dateReserved": "2019-09-19T00:00:00",
"dateUpdated": "2024-08-05T01:17:40.836Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-24810 (GCVE-0-2024-24810)
Vulnerability from cvelistv5
Published
2024-02-07 02:39
Modified
2024-08-01 23:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-426 - Untrusted Search Path
Summary
WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. The .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges. This impacts any installer built with the WiX installer framework. This issue has been patched in version 4.0.4.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| wixtoolset | issues |
Version: <= 4.0.3 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:firegiant:wix_toolset:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wix_toolset",
"vendor": "firegiant",
"versions": [
{
"lessThan": "3.14.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:firegiant:wix_toolset:4.0.0:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wix_toolset",
"vendor": "firegiant",
"versions": [
{
"lessThan": "4.0.4",
"status": "affected",
"version": "4.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-24810",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-21T19:18:57.581197Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T20:58:05.182Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:28:12.588Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/wixtoolset/issues/security/advisories/GHSA-7wh2-wxc7-9ph5",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/wixtoolset/issues/security/advisories/GHSA-7wh2-wxc7-9ph5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "issues",
"vendor": "wixtoolset",
"versions": [
{
"status": "affected",
"version": "\u003c= 4.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. The .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges. This impacts any installer built with the WiX installer framework. This issue has been patched in version 4.0.4."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426: Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-07T02:39:35.627Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/wixtoolset/issues/security/advisories/GHSA-7wh2-wxc7-9ph5",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/wixtoolset/issues/security/advisories/GHSA-7wh2-wxc7-9ph5"
}
],
"source": {
"advisory": "GHSA-7wh2-wxc7-9ph5",
"discovery": "UNKNOWN"
},
"title": "WiX is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-24810",
"datePublished": "2024-02-07T02:39:35.627Z",
"dateReserved": "2024-01-31T16:28:17.941Z",
"dateUpdated": "2024-08-01T23:28:12.588Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2024-02-07 03:15
Modified
2024-11-21 08:59
Severity ?
8.2 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. The .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges. This impacts any installer built with the WiX installer framework. This issue has been patched in version 4.0.4.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| firegiant | wix_toolset | * | |
| firegiant | wix_toolset | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:firegiant:wix_toolset:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA99C3FD-4CDC-4DE0-9A04-0421E520E349",
"versionEndExcluding": "3.14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:firegiant:wix_toolset:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1A6D8FCB-7ED5-4BD7-9B4F-1678DC7A1519",
"versionEndExcluding": "4.0.4",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. The .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges. This impacts any installer built with the WiX installer framework. This issue has been patched in version 4.0.4."
},
{
"lang": "es",
"value": "El conjunto de herramientas WiX permite a los desarrolladores crear instaladores para Windows Installer, el motor de instalaci\u00f3n de Windows. La carpeta .be TEMP es vulnerable a ataques de redirecci\u00f3n de DLL que permiten al atacante escalar privilegios. Esto afecta a cualquier instalador creado con el marco de instalaci\u00f3n de WiX. Este problema se solucion\u00f3 en la versi\u00f3n 4.0.4."
}
],
"id": "CVE-2024-24810",
"lastModified": "2024-11-21T08:59:45.690",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.5,
"impactScore": 6.0,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-07T03:15:50.273",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/wixtoolset/issues/security/advisories/GHSA-7wh2-wxc7-9ph5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/wixtoolset/issues/security/advisories/GHSA-7wh2-wxc7-9ph5"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-426"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-09-19 16:15
Modified
2024-11-21 04:30
Severity ?
Summary
An issue was discovered in DTF in FireGiant WiX Toolset before 3.11.2. Microsoft.Deployment.Compression.Cab.dll and Microsoft.Deployment.Compression.Zip.dll allow directory traversal during CAB or ZIP archive extraction, because the full name of an archive file (even with a ../ sequence) is concatenated with the destination path.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| firegiant | wix_toolset | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:firegiant:wix_toolset:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ED50D663-0FAF-46D1-827C-A1D32AEFC98B",
"versionEndExcluding": "3.11.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in DTF in FireGiant WiX Toolset before 3.11.2. Microsoft.Deployment.Compression.Cab.dll and Microsoft.Deployment.Compression.Zip.dll allow directory traversal during CAB or ZIP archive extraction, because the full name of an archive file (even with a ../ sequence) is concatenated with the destination path."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en DTF en FireGiant WiX Toolset versiones anteriores a 3.11.2. Las bibliotecas Microsoft.Deployment.Compression.Cab.dll y Microsoft.Deployment.Compression.Zip.dll, permiten un salto de directorio durante la extracci\u00f3n de archivos CAB o ZIP, porque el nombre completo de un archivo (incluso con una secuencia ../) se concatena con la ruta de destino."
}
],
"id": "CVE-2019-16511",
"lastModified": "2024-11-21T04:30:43.880",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-19T16:15:11.777",
"references": [
{
"source": "cve@mitre.org",
"url": "https://github.com/GitHubAssessments/CVE_Assessments_09_2019"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/wixtoolset/issues/issues/6075"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://wixtoolset.org/development/wips/6075-dtf-zip-slip/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.firegiant.com/blog/2019/9/18/wix-v3.11.2-released/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/GitHubAssessments/CVE_Assessments_09_2019"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/wixtoolset/issues/issues/6075"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://wixtoolset.org/development/wips/6075-dtf-zip-slip/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.firegiant.com/blog/2019/9/18/wix-v3.11.2-released/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}