Lucene search

[email protected]CVE-2018-1000526

HistoryJun 26, 2018 - 4:29 p.m.

CVE-2018-1000526

2018-06-2616:29:01

CWE-91

[email protected]

web.nvd.nist.gov

cve-2018-1000526

openpsa

xml injection

rss

denial of service

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.003 Low

EPSS

Percentile

65.7%

JSON

Openpsa contains a XML Injection vulnerability in RSS file upload feature that can result in Remote denial of service. This attack appear to be exploitable via Specially crafted XML file. This vulnerability appears to have been fixed in after commit 4974a26.

Affected configurations

NVD

Node

openpsa2openpsaMatch-

CPENameOperatorVersion
openpsa2:openpsaopenpsa2 openpsaeq-

CPE	Name	Operator	Version
openpsa2:openpsa	openpsa2 openpsa	eq	-

References

0dd.zone/2018/05/31/OpenPSA-Object-Injection/

github.com/flack/openpsa/issues/192

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.003 Low

EPSS

Percentile

65.7%

JSON

Related for CVE-2018-1000526

cvelist1 prion1 nvd1 veracode1