CVE-2024-45313 (GCVE-0-2024-45313)
Vulnerability from cvelistv5
Published
2024-09-02 16:54
Modified
2024-09-03 14:03
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Overleaf is a web-based collaborative LaTeX editor. When installing Server Pro using the Overleaf Toolkit from before 2024-07-17 or legacy docker-compose.yml from before 2024-08-28, the configuration for LaTeX compiles was insecure by default, requiring the administrator to enable the security features via a configuration setting (`SIBLING_CONTAINERS_ENABLED` in Toolkit, `SANDBOXED_COMPILES` in legacy docker-compose/custom deployments). If these security features are not enabled then users have access to the `sharelatex` container resources (filesystem, network, environment variables) when running compiles, leading to multiple file access vulnerabilities, either directly or via symlinks created during compiles. The setting has now been changed to be secure by default for new installs in the Toolkit and legacy docker-compose deployment. The Overleaf Toolkit has been updated to set `SIBLING_CONTAINERS_ENABLED=true` by default for new installs. It is recommended that any existing installations using the previous default setting migrate to using sibling containers. Existing installations can set `SIBLING_CONTAINERS_ENABLED=true` in `config/overleaf.rc` as a mitigation. In legacy docker-compose/custom deployments `SANDBOXED_COMPILES=true` should be used.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45313",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-03T13:41:03.949634Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T14:03:22.825Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "overleaf",
"vendor": "overleaf",
"versions": [
{
"status": "affected",
"version": "Docker-Compose: \u003c 2024-08-28"
},
{
"status": "affected",
"version": "Toolkit: \u003c 2024-07-17"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Overleaf is a web-based collaborative LaTeX editor. When installing Server Pro using the Overleaf Toolkit from before 2024-07-17 or legacy docker-compose.yml from before 2024-08-28, the configuration for LaTeX compiles was insecure by default, requiring the administrator to enable the security features via a configuration setting (`SIBLING_CONTAINERS_ENABLED` in Toolkit, `SANDBOXED_COMPILES` in legacy docker-compose/custom deployments). If these security features are not enabled then users have access to the `sharelatex` container resources (filesystem, network, environment variables) when running compiles, leading to multiple file access vulnerabilities, either directly or via symlinks created during compiles. The setting has now been changed to be secure by default for new installs in the Toolkit and legacy docker-compose deployment. The Overleaf Toolkit has been updated to set `SIBLING_CONTAINERS_ENABLED=true` by default for new installs. It is recommended that any existing installations using the previous default setting migrate to using sibling containers. Existing installations can set `SIBLING_CONTAINERS_ENABLED=true` in `config/overleaf.rc` as a mitigation. In legacy docker-compose/custom deployments `SANDBOXED_COMPILES=true` should be used."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-1188",
"description": "CWE-1188: Insecure Default Initialization of Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-02T16:54:19.915Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/overleaf/overleaf/security/advisories/GHSA-m95q-g8qg-wgj4",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/overleaf/overleaf/security/advisories/GHSA-m95q-g8qg-wgj4"
},
{
"name": "https://github.com/overleaf/toolkit/commit/7a8401897b24777b47338452ff8d12e2fb6dd5ff",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/overleaf/toolkit/commit/7a8401897b24777b47338452ff8d12e2fb6dd5ff"
},
{
"name": "https://github.com/overleaf/overleaf/wiki/Server-Pro:-Sandboxed-Compiles",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/overleaf/overleaf/wiki/Server-Pro:-Sandboxed-Compiles"
},
{
"name": "https://github.com/overleaf/toolkit/blob/master/doc/sandboxed-compiles.md#enabling-sibling-containers",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/overleaf/toolkit/blob/master/doc/sandboxed-compiles.md#enabling-sibling-containers"
}
],
"source": {
"advisory": "GHSA-m95q-g8qg-wgj4",
"discovery": "UNKNOWN"
},
"title": "Insecure default setting for Server Pro installed via Overleaf toolkit"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-45313",
"datePublished": "2024-09-02T16:54:19.915Z",
"dateReserved": "2024-08-26T18:25:35.444Z",
"dateUpdated": "2024-09-03T14:03:22.825Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-45313\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-09-02T18:15:37.850\",\"lastModified\":\"2024-09-25T18:12:53.543\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Overleaf is a web-based collaborative LaTeX editor. When installing Server Pro using the Overleaf Toolkit from before 2024-07-17 or legacy docker-compose.yml from before 2024-08-28, the configuration for LaTeX compiles was insecure by default, requiring the administrator to enable the security features via a configuration setting (`SIBLING_CONTAINERS_ENABLED` in Toolkit, `SANDBOXED_COMPILES` in legacy docker-compose/custom deployments). If these security features are not enabled then users have access to the `sharelatex` container resources (filesystem, network, environment variables) when running compiles, leading to multiple file access vulnerabilities, either directly or via symlinks created during compiles. The setting has now been changed to be secure by default for new installs in the Toolkit and legacy docker-compose deployment. The Overleaf Toolkit has been updated to set `SIBLING_CONTAINERS_ENABLED=true` by default for new installs. It is recommended that any existing installations using the previous default setting migrate to using sibling containers. Existing installations can set `SIBLING_CONTAINERS_ENABLED=true` in `config/overleaf.rc` as a mitigation. In legacy docker-compose/custom deployments `SANDBOXED_COMPILES=true` should be used.\"},{\"lang\":\"es\",\"value\":\"Overleaf es un editor colaborativo de LaTeX basado en la web. Al instalar Server Pro utilizando el kit de herramientas de Overleaf anterior al 17 de julio de 2024 o el archivo docker-compose.yml anterior al 28 de agosto de 2024, la configuraci\u00f3n para las compilaciones de LaTeX era insegura de forma predeterminada, lo que requer\u00eda que el administrador habilitara las funciones de seguridad a trav\u00e9s de una opci\u00f3n de configuraci\u00f3n (`SIBLING_CONTAINERS_ENABLED` en el kit de herramientas, `SANDBOXED_COMPILES` en las implementaciones tradicionales de docker-compose/custom). Si estas funciones de seguridad no est\u00e1n habilitadas, los usuarios tienen acceso a los recursos del contenedor `sharelatex` (sistema de archivos, red, variables de entorno) al ejecutar compilaciones, lo que genera m\u00faltiples vulnerabilidades de acceso a archivos, ya sea directamente o a trav\u00e9s de enlaces simb\u00f3licos creados durante las compilaciones. La configuraci\u00f3n ahora se ha cambiado para que sea segura de forma predeterminada para las nuevas instalaciones en el kit de herramientas y la implementaci\u00f3n tradicional de docker-compose. Se actualiz\u00f3 el kit de herramientas de Overleaf para configurar `SIBLING_CONTAINERS_ENABLED=true` de manera predeterminada para las nuevas instalaciones. Se recomienda que todas las instalaciones existentes que utilicen la configuraci\u00f3n predeterminada anterior migren al uso de contenedores hermanos. Las instalaciones existentes pueden configurar `SIBLING_CONTAINERS_ENABLED=true` en `config/overleaf.rc` como mitigaci\u00f3n. En las implementaciones docker-compose/custom heredadas, se debe utilizar `SANDBOXED_COMPILES=true`.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.5},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.5}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-284\"},{\"lang\":\"en\",\"value\":\"CWE-1188\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1188\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:overleaf:overleaf:*:*:*:*:server_pro:*:*:*\",\"versionEndExcluding\":\"2024-07-17\",\"matchCriteriaId\":\"7BA23C74-E8C9-43B5-9E55-046E979CDDCF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:overleaf:overleaf:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2024-08-28\",\"matchCriteriaId\":\"5E5B5EB4-01F3-4BA0-8D47-C640655B642D\"}]}]}],\"references\":[{\"url\":\"https://github.com/overleaf/overleaf/security/advisories/GHSA-m95q-g8qg-wgj4\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/overleaf/overleaf/wiki/Server-Pro:-Sandboxed-Compiles\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/overleaf/toolkit/blob/master/doc/sandboxed-compiles.md#enabling-sibling-containers\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/overleaf/toolkit/commit/7a8401897b24777b47338452ff8d12e2fb6dd5ff\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-45313\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-03T13:41:03.949634Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-03T14:03:12.603Z\"}}], \"cna\": {\"title\": \"Insecure default setting for Server Pro installed via Overleaf toolkit\", \"source\": {\"advisory\": \"GHSA-m95q-g8qg-wgj4\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.4, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"overleaf\", \"product\": \"overleaf\", \"versions\": [{\"status\": \"affected\", \"version\": \"Docker-Compose: \u003c 2024-08-28\"}, {\"status\": \"affected\", \"version\": \"Toolkit: \u003c 2024-07-17\"}]}], \"references\": [{\"url\": \"https://github.com/overleaf/overleaf/security/advisories/GHSA-m95q-g8qg-wgj4\", \"name\": \"https://github.com/overleaf/overleaf/security/advisories/GHSA-m95q-g8qg-wgj4\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/overleaf/toolkit/commit/7a8401897b24777b47338452ff8d12e2fb6dd5ff\", \"name\": \"https://github.com/overleaf/toolkit/commit/7a8401897b24777b47338452ff8d12e2fb6dd5ff\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/overleaf/overleaf/wiki/Server-Pro:-Sandboxed-Compiles\", \"name\": \"https://github.com/overleaf/overleaf/wiki/Server-Pro:-Sandboxed-Compiles\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/overleaf/toolkit/blob/master/doc/sandboxed-compiles.md#enabling-sibling-containers\", \"name\": \"https://github.com/overleaf/toolkit/blob/master/doc/sandboxed-compiles.md#enabling-sibling-containers\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Overleaf is a web-based collaborative LaTeX editor. When installing Server Pro using the Overleaf Toolkit from before 2024-07-17 or legacy docker-compose.yml from before 2024-08-28, the configuration for LaTeX compiles was insecure by default, requiring the administrator to enable the security features via a configuration setting (`SIBLING_CONTAINERS_ENABLED` in Toolkit, `SANDBOXED_COMPILES` in legacy docker-compose/custom deployments). If these security features are not enabled then users have access to the `sharelatex` container resources (filesystem, network, environment variables) when running compiles, leading to multiple file access vulnerabilities, either directly or via symlinks created during compiles. The setting has now been changed to be secure by default for new installs in the Toolkit and legacy docker-compose deployment. The Overleaf Toolkit has been updated to set `SIBLING_CONTAINERS_ENABLED=true` by default for new installs. It is recommended that any existing installations using the previous default setting migrate to using sibling containers. Existing installations can set `SIBLING_CONTAINERS_ENABLED=true` in `config/overleaf.rc` as a mitigation. In legacy docker-compose/custom deployments `SANDBOXED_COMPILES=true` should be used.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-284\", \"description\": \"CWE-284: Improper Access Control\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1188\", \"description\": \"CWE-1188: Insecure Default Initialization of Resource\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-09-02T16:54:19.915Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-45313\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-09-03T14:03:22.825Z\", \"dateReserved\": \"2024-08-26T18:25:35.444Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2024-09-02T16:54:19.915Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…