CVE-2018-13982 (GCVE-0-2018-13982)
Vulnerability from cvelistv5
Published
2018-09-18 21:00
Modified
2024-08-05 09:21
Severity ?
CWE
  • n/a
Summary
Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files.
References
cve@mitre.org https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180420-01_Smarty_Path_Traversal Exploit, Patch, Third Party Advisory
cve@mitre.org https://github.com/smarty-php/smarty/commit/2e081a51b1effddb23f87952959139ac62654d50 Patch, Vendor Advisory
cve@mitre.org https://github.com/smarty-php/smarty/commit/8d21f38dc35c4cd6b31c2f23fc9b8e5adbc56dfe Patch, Vendor Advisory
cve@mitre.org https://github.com/smarty-php/smarty/commit/bcedfd6b58bed4a7366336979ebaa5a240581531 Patch, Vendor Advisory
cve@mitre.org https://github.com/smarty-php/smarty/commit/c9dbe1d08c081912d02bd851d1d1b6388f6133d1 Patch, Vendor Advisory
cve@mitre.org https://github.com/smarty-php/smarty/commit/f9ca3c63d1250bb56b2bda609dcc9dd81f0065f8 Patch, Vendor Advisory
cve@mitre.org https://lists.debian.org/debian-lts-announce/2021/04/msg00004.html Mailing List, Third Party Advisory
cve@mitre.org https://lists.debian.org/debian-lts-announce/2021/04/msg00014.html Mailing List, Third Party Advisory
cve@mitre.org https://lists.debian.org/debian-lts-announce/2021/10/msg00015.html Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180420-01_Smarty_Path_Traversal Exploit, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://github.com/smarty-php/smarty/commit/2e081a51b1effddb23f87952959139ac62654d50 Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://github.com/smarty-php/smarty/commit/8d21f38dc35c4cd6b31c2f23fc9b8e5adbc56dfe Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://github.com/smarty-php/smarty/commit/bcedfd6b58bed4a7366336979ebaa5a240581531 Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://github.com/smarty-php/smarty/commit/c9dbe1d08c081912d02bd851d1d1b6388f6133d1 Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://github.com/smarty-php/smarty/commit/f9ca3c63d1250bb56b2bda609dcc9dd81f0065f8 Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://lists.debian.org/debian-lts-announce/2021/04/msg00004.html Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://lists.debian.org/debian-lts-announce/2021/04/msg00014.html Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://lists.debian.org/debian-lts-announce/2021/10/msg00015.html Mailing List, Third Party Advisory
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T09:21:40.766Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/smarty-php/smarty/commit/2e081a51b1effddb23f87952959139ac62654d50"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/smarty-php/smarty/commit/f9ca3c63d1250bb56b2bda609dcc9dd81f0065f8"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/smarty-php/smarty/commit/c9dbe1d08c081912d02bd851d1d1b6388f6133d1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/smarty-php/smarty/commit/8d21f38dc35c4cd6b31c2f23fc9b8e5adbc56dfe"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/smarty-php/smarty/commit/bcedfd6b58bed4a7366336979ebaa5a240581531"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180420-01_Smarty_Path_Traversal"
          },
          {
            "name": "[debian-lts-announce] 20210405 [SECURITY] [DLA 2618-1] smarty3 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00004.html"
          },
          {
            "name": "[debian-lts-announce] 20210416 [SECURITY] [DLA 2618-2] smarty3 regression update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00014.html"
          },
          {
            "name": "[debian-lts-announce] 20211020 [SECURITY] [DLA 2618-3] smarty3 regression update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00015.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-09-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-20T13:06:07",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/smarty-php/smarty/commit/2e081a51b1effddb23f87952959139ac62654d50"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/smarty-php/smarty/commit/f9ca3c63d1250bb56b2bda609dcc9dd81f0065f8"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/smarty-php/smarty/commit/c9dbe1d08c081912d02bd851d1d1b6388f6133d1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/smarty-php/smarty/commit/8d21f38dc35c4cd6b31c2f23fc9b8e5adbc56dfe"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/smarty-php/smarty/commit/bcedfd6b58bed4a7366336979ebaa5a240581531"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180420-01_Smarty_Path_Traversal"
        },
        {
          "name": "[debian-lts-announce] 20210405 [SECURITY] [DLA 2618-1] smarty3 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00004.html"
        },
        {
          "name": "[debian-lts-announce] 20210416 [SECURITY] [DLA 2618-2] smarty3 regression update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00014.html"
        },
        {
          "name": "[debian-lts-announce] 20211020 [SECURITY] [DLA 2618-3] smarty3 regression update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00015.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-13982",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/smarty-php/smarty/commit/2e081a51b1effddb23f87952959139ac62654d50",
              "refsource": "CONFIRM",
              "url": "https://github.com/smarty-php/smarty/commit/2e081a51b1effddb23f87952959139ac62654d50"
            },
            {
              "name": "https://github.com/smarty-php/smarty/commit/f9ca3c63d1250bb56b2bda609dcc9dd81f0065f8",
              "refsource": "CONFIRM",
              "url": "https://github.com/smarty-php/smarty/commit/f9ca3c63d1250bb56b2bda609dcc9dd81f0065f8"
            },
            {
              "name": "https://github.com/smarty-php/smarty/commit/c9dbe1d08c081912d02bd851d1d1b6388f6133d1",
              "refsource": "CONFIRM",
              "url": "https://github.com/smarty-php/smarty/commit/c9dbe1d08c081912d02bd851d1d1b6388f6133d1"
            },
            {
              "name": "https://github.com/smarty-php/smarty/commit/8d21f38dc35c4cd6b31c2f23fc9b8e5adbc56dfe",
              "refsource": "CONFIRM",
              "url": "https://github.com/smarty-php/smarty/commit/8d21f38dc35c4cd6b31c2f23fc9b8e5adbc56dfe"
            },
            {
              "name": "https://github.com/smarty-php/smarty/commit/bcedfd6b58bed4a7366336979ebaa5a240581531",
              "refsource": "CONFIRM",
              "url": "https://github.com/smarty-php/smarty/commit/bcedfd6b58bed4a7366336979ebaa5a240581531"
            },
            {
              "name": "https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180420-01_Smarty_Path_Traversal",
              "refsource": "MISC",
              "url": "https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180420-01_Smarty_Path_Traversal"
            },
            {
              "name": "[debian-lts-announce] 20210405 [SECURITY] [DLA 2618-1] smarty3 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00004.html"
            },
            {
              "name": "[debian-lts-announce] 20210416 [SECURITY] [DLA 2618-2] smarty3 regression update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00014.html"
            },
            {
              "name": "[debian-lts-announce] 20211020 [SECURITY] [DLA 2618-3] smarty3 regression update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00015.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-13982",
    "datePublished": "2018-09-18T21:00:00",
    "dateReserved": "2018-07-11T00:00:00",
    "dateUpdated": "2024-08-05T09:21:40.766Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-13982\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2018-09-18T21:29:02.247\",\"lastModified\":\"2024-11-21T03:48:22.357\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files.\"},{\"lang\":\"es\",\"value\":\"Smarty_Security::isTrustedResourceDir() en Smarty en versiones anteriores a la 3.1.33 es propenso a una vulnerabilidad de salto de directorio debido al saneamiento insuficiente de c\u00f3digos de plantilla. Esto permite que los atacantes que controlan el c\u00f3digo de plantilla ejecutado omitan las restricciones de seguridad del directorio de confianza y lean archivos arbitrarios.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:smarty:smarty:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.1.33\",\"matchCriteriaId\":\"0613AA6E-3478-438E-974B-88FF5DC03791\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}],\"references\":[{\"url\":\"https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180420-01_Smarty_Path_Traversal\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/smarty-php/smarty/commit/2e081a51b1effddb23f87952959139ac62654d50\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/smarty-php/smarty/commit/8d21f38dc35c4cd6b31c2f23fc9b8e5adbc56dfe\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/smarty-php/smarty/commit/bcedfd6b58bed4a7366336979ebaa5a240581531\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/smarty-php/smarty/commit/c9dbe1d08c081912d02bd851d1d1b6388f6133d1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/smarty-php/smarty/commit/f9ca3c63d1250bb56b2bda609dcc9dd81f0065f8\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/04/msg00004.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/04/msg00014.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/10/msg00015.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/sbaresearch/advisories/tree/public/2018/SBA-ADV-20180420-01_Smarty_Path_Traversal\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/smarty-php/smarty/commit/2e081a51b1effddb23f87952959139ac62654d50\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/smarty-php/smarty/commit/8d21f38dc35c4cd6b31c2f23fc9b8e5adbc56dfe\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/smarty-php/smarty/commit/bcedfd6b58bed4a7366336979ebaa5a240581531\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/smarty-php/smarty/commit/c9dbe1d08c081912d02bd851d1d1b6388f6133d1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/smarty-php/smarty/commit/f9ca3c63d1250bb56b2bda609dcc9dd81f0065f8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/04/msg00004.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/04/msg00014.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/10/msg00015.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.