gsd-2017-0889
Vulnerability from gsd
Modified
2018-01-23 00:00
Details
Paperclip gem provides multiple ways a file can be uploaded to a web server.
The vulnerability affects two of Paperclip’s IO adapters that accept URLs as
attachment data (UriAdapter and HttpUrlProxyAdapter). When these adapters are
used, Paperclip acts as a proxy and downloads the file from the website URI
that is passed in. The library does not perform any validation to protect
against Server Side Request Forgery (SSRF) exploits by default. This may allow
a remote attacker to access information about internal network resources.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2017-0889",
"description": "Paperclip ruby gem version 3.1.4 and later suffers from a Server-SIde Request Forgery (SSRF) vulnerability in the Paperclip::UriAdapter class. Attackers may be able to access information about internal network resources.",
"id": "GSD-2017-0889",
"references": [
"https://www.suse.com/security/cve/CVE-2017-0889.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "paperclip",
"purl": "pkg:gem/paperclip"
}
}
],
"aliases": [
"CVE-2017-0889",
"GHSA-5jcf-c5rg-rmm8"
],
"details": "Paperclip gem provides multiple ways a file can be uploaded to a web server.\nThe vulnerability affects two of Paperclip\u2019s IO adapters that accept URLs as\nattachment data (UriAdapter and HttpUrlProxyAdapter). When these adapters are\nused, Paperclip acts as a proxy and downloads the file from the website URI\nthat is passed in. The library does not perform any validation to protect\nagainst Server Side Request Forgery (SSRF) exploits by default. This may allow\na remote attacker to access information about internal network resources.\n",
"id": "GSD-2017-0889",
"modified": "2018-01-23T00:00:00.000Z",
"published": "2018-01-23T00:00:00.000Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/thoughtbot/paperclip/pull/2435"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-0889"
},
{
"type": "WEB",
"url": "https://github.com/thoughtbot/paperclip/commit/4ebedfbd11d20d03ed03a1274ed281eee62715d4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": 7.5,
"type": "CVSS_V2"
},
{
"score": 9.8,
"type": "CVSS_V3"
}
],
"summary": "Paperclip ruby gem suffers from a Server-Side Request Forgery (SSRF) vulnerability\nin the Paperclip::UriAdapter and Paperclip::HttpUrlProxyAdapter class.\n"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC": "2017-04-21T00:00:00",
"ID": "CVE-2017-0889",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "paperclip ruby gem",
"version": {
"version_data": [
{
"version_value": "All versions since 3.1.4"
}
]
}
}
]
},
"vendor_name": "thoughtbot"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Paperclip ruby gem version 3.1.4 and later suffers from a Server-SIde Request Forgery (SSRF) vulnerability in the Paperclip::UriAdapter class. Attackers may be able to access information about internal network resources."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Server-Side Request Forgery (SSRF) (CWE-918)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/209430",
"refsource": "MISC",
"url": "https://hackerone.com/reports/209430"
},
{
"name": "https://github.com/thoughtbot/paperclip/pull/2435",
"refsource": "CONFIRM",
"url": "https://github.com/thoughtbot/paperclip/pull/2435"
},
{
"name": "https://hackerone.com/reports/713",
"refsource": "MISC",
"url": "https://hackerone.com/reports/713"
}
]
}
},
"github.com/rubysec/ruby-advisory-db": {
"cve": "2017-0889",
"cvss_v2": 7.5,
"cvss_v3": 9.8,
"date": "2018-01-23",
"description": "Paperclip gem provides multiple ways a file can be uploaded to a web server.\nThe vulnerability affects two of Paperclip\u2019s IO adapters that accept URLs as\nattachment data (UriAdapter and HttpUrlProxyAdapter). When these adapters are\nused, Paperclip acts as a proxy and downloads the file from the website URI\nthat is passed in. The library does not perform any validation to protect\nagainst Server Side Request Forgery (SSRF) exploits by default. This may allow\na remote attacker to access information about internal network resources.\n",
"gem": "paperclip",
"ghsa": "5jcf-c5rg-rmm8",
"patched_versions": [
"\u003e= 5.2.0"
],
"related": {
"url": [
"https://nvd.nist.gov/vuln/detail/CVE-2017-0889",
"https://github.com/thoughtbot/paperclip/commit/4ebedfbd11d20d03ed03a1274ed281eee62715d4"
]
},
"title": "Paperclip ruby gem suffers from a Server-Side Request Forgery (SSRF) vulnerability\nin the Paperclip::UriAdapter and Paperclip::HttpUrlProxyAdapter class.\n",
"url": "https://github.com/thoughtbot/paperclip/pull/2435"
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003e=3.1.4 \u003c5.2.0",
"affected_versions": "All versions starting from 3.1.4 before 5.2.0",
"credit": "Luka (sikic)",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-918",
"CWE-937"
],
"date": "2019-10-09",
"description": "Paperclip suffers from a Server-SIde Request Forgery (SSRF) vulnerability in the `Paperclip::UriAdapter` class. Attackers may be able to access information about internal network resources.",
"fixed_versions": [
"5.2.0"
],
"identifier": "CVE-2017-0889",
"identifiers": [
"CVE-2017-0889"
],
"not_impacted": "All versions before 3.1.4, all versions starting from 5.2.0",
"package_slug": "gem/paperclip",
"pubdate": "2017-11-13",
"solution": "Upgrade to version 5.2.0 or above.",
"title": "Server-SIde Request Forgery (SSRF) vulnerability",
"urls": [
"https://github.com/thoughtbot/paperclip/pull/2435"
],
"uuid": "98875277-b523-49e0-adeb-62ad94c12edf"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:thoughtbot:paperclip:*:*:*:*:*:ruby:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2.0",
"versionStartIncluding": "3.1.4",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve-assignments@hackerone.com",
"ID": "CVE-2017-0889"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Paperclip ruby gem version 3.1.4 and later suffers from a Server-SIde Request Forgery (SSRF) vulnerability in the Paperclip::UriAdapter class. Attackers may be able to access information about internal network resources."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/713",
"refsource": "MISC",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://hackerone.com/reports/713"
},
{
"name": "https://hackerone.com/reports/209430",
"refsource": "MISC",
"tags": [
"Permissions Required"
],
"url": "https://hackerone.com/reports/209430"
},
{
"name": "https://github.com/thoughtbot/paperclip/pull/2435",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/thoughtbot/paperclip/pull/2435"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
},
"lastModifiedDate": "2019-10-09T23:21Z",
"publishedDate": "2017-11-13T17:29Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…