gsd-2019-0191
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
Apache Karaf kar deployer reads .kar archives and extracts the paths from the "repository/" and "resources/" entries in the zip file. It then writes out the content of these paths to the Karaf repo and resources directories. However, it doesn't do any validation on the paths in the zip file. This means that a malicious user could craft a .kar file with ".." directory names and break out of the directories to write arbitrary content to the filesystem. This is the "Zip-slip" vulnerability - https://snyk.io/research/zip-slip-vulnerability. This vulnerability is low if the Karaf process user has limited permission on the filesystem. Any Apache Karaf releases prior 4.2.3 is impacted.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2019-0191",
"description": "Apache Karaf kar deployer reads .kar archives and extracts the paths from the \"repository/\" and \"resources/\" entries in the zip file. It then writes out the content of these paths to the Karaf repo and resources directories. However, it doesn\u0027t do any validation on the paths in the zip file. This means that a malicious user could craft a .kar file with \"..\" directory names and break out of the directories to write arbitrary content to the filesystem. This is the \"Zip-slip\" vulnerability - https://snyk.io/research/zip-slip-vulnerability. This vulnerability is low if the Karaf process user has limited permission on the filesystem. Any Apache Karaf releases prior 4.2.3 is impacted.",
"id": "GSD-2019-0191"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-0191"
],
"details": "Apache Karaf kar deployer reads .kar archives and extracts the paths from the \"repository/\" and \"resources/\" entries in the zip file. It then writes out the content of these paths to the Karaf repo and resources directories. However, it doesn\u0027t do any validation on the paths in the zip file. This means that a malicious user could craft a .kar file with \"..\" directory names and break out of the directories to write arbitrary content to the filesystem. This is the \"Zip-slip\" vulnerability - https://snyk.io/research/zip-slip-vulnerability. This vulnerability is low if the Karaf process user has limited permission on the filesystem. Any Apache Karaf releases prior 4.2.3 is impacted.",
"id": "GSD-2019-0191",
"modified": "2023-12-13T01:23:39.885863Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2019-0191",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Karaf",
"version": {
"version_data": [
{
"version_value": "Apache Karaf version prior to 4.2.3"
}
]
}
}
]
},
"vendor_name": "Apache"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Karaf kar deployer reads .kar archives and extracts the paths from the \"repository/\" and \"resources/\" entries in the zip file. It then writes out the content of these paths to the Karaf repo and resources directories. However, it doesn\u0027t do any validation on the paths in the zip file. This means that a malicious user could craft a .kar file with \"..\" directory names and break out of the directories to write arbitrary content to the filesystem. This is the \"Zip-slip\" vulnerability - https://snyk.io/research/zip-slip-vulnerability. This vulnerability is low if the Karaf process user has limited permission on the filesystem. Any Apache Karaf releases prior 4.2.3 is impacted."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Zip-slip vulnerability in KAR deployer"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[karaf-user] 20190307 [SECURITY] New security advisory for CVE-2019-0191 released for Apache Karaf",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/6856aa7ed7dd805eaf65d0e5e95027dda3b2307aacd1ab4a838c5cd1@%3Cuser.karaf.apache.org%3E"
},
{
"name": "107462",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107462"
},
{
"name": "[karaf-commits] 20190506 [karaf-site] branch trunk updated: Publish CVE-2019-0226",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/cef9a2d4b547625e5214684283ac5c59c9d9740e092e777dc3f85070@%3Ccommits.karaf.apache.org%3E"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "(,4.2.3)",
"affected_versions": "All versions before 4.2.3",
"cvss_v2": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-22",
"CWE-937"
],
"date": "2021-09-03",
"description": "Apache Karaf kar deployer reads .kar archives and extracts the paths from the \"repository/\" and \"resources/\" entries in the zip file. It then writes out the content of these paths to the Karaf repo and resources directories. However, it doesn\u0027t do any validation on the paths in the zip file. This means that a malicious user could craft a .kar file with \"..\" directory names and break out of the directories to write arbitrary content to the filesystem. This is the \"Zip-slip\" vulnerability - https://snyk.io/research/zip-slip-vulnerability. This vulnerability is low if the Karaf process user has limited permission on the filesystem. Any Apache Karaf releases prior 4.2.3 is impacted.",
"fixed_versions": [
"4.2.3"
],
"identifier": "CVE-2019-0191",
"identifiers": [
"GHSA-869j-5855-hjpm",
"CVE-2019-0191"
],
"not_impacted": "All versions starting from 4.2.3",
"package_slug": "maven/org.apache.karaf/apache-karaf",
"pubdate": "2019-03-25",
"solution": "Upgrade to version 4.2.3 or above.",
"title": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2019-0191",
"https://github.com/advisories/GHSA-869j-5855-hjpm"
],
"uuid": "a2fe0faa-4f56-4e61-b72c-056248073977"
},
{
"affected_range": "(,4.2.3)",
"affected_versions": "All versions before 4.2.3",
"cvss_v2": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-22",
"CWE-937"
],
"date": "2019-05-06",
"description": "Apache Karaf kar deployer reads `.kar` archives and extracts the paths from the `repository/` and `resources/` entries in the zip file. It then writes out the content of these paths to the Karaf repo and resources directories. However, it does not do any validation on the paths in the zip file. This means that a malicious user could craft a .kar file with `..` directory names and break out of the directories to write arbitrary content to the filesystem.",
"fixed_versions": [
"4.2.3"
],
"identifier": "CVE-2019-0191",
"identifiers": [
"CVE-2019-0191"
],
"not_impacted": "All versions starting from 4.2.3",
"package_slug": "maven/org.apache.karaf/karaf",
"pubdate": "2019-03-21",
"solution": "Upgrade to version 4.2.3 or above.",
"title": "Path Traversal",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2019-0191",
"http://www.securityfocus.com/bid/107462"
],
"uuid": "4e3eb7ad-bb13-483b-9a5d-dd5ae5574123"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:karaf:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.2.3",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2019-0191"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Apache Karaf kar deployer reads .kar archives and extracts the paths from the \"repository/\" and \"resources/\" entries in the zip file. It then writes out the content of these paths to the Karaf repo and resources directories. However, it doesn\u0027t do any validation on the paths in the zip file. This means that a malicious user could craft a .kar file with \"..\" directory names and break out of the directories to write arbitrary content to the filesystem. This is the \"Zip-slip\" vulnerability - https://snyk.io/research/zip-slip-vulnerability. This vulnerability is low if the Karaf process user has limited permission on the filesystem. Any Apache Karaf releases prior 4.2.3 is impacted."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[karaf-user] 20190307 [SECURITY] New security advisory for CVE-2019-0191 released for Apache Karaf",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread.html/6856aa7ed7dd805eaf65d0e5e95027dda3b2307aacd1ab4a838c5cd1@%3Cuser.karaf.apache.org%3E"
},
{
"name": "107462",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/107462"
},
{
"name": "[karaf-commits] 20190506 [karaf-site] branch trunk updated: Publish CVE-2019-0226",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/cef9a2d4b547625e5214684283ac5c59c9d9740e092e777dc3f85070@%3Ccommits.karaf.apache.org%3E"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
},
"lastModifiedDate": "2019-05-06T09:29Z",
"publishedDate": "2019-03-21T16:01Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…