GitHub Advisory DatabaseGHSA-C8HJ-W239-5GVFpimcore/admin-ui-classic-bundle Full Path Disclosure via re-export document
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
7.7 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
20.7%
Impact
Full Path Disclosure (FPD) vulnerabilities enable the attacker to see the path to the webroot/file. e.g.: /home/omg/htdocs/file/. Certain vulnerabilities, such as using the load_file() (within a SQL Injection) query to view the page source, require the attacker to have the full path to the file they wish to view.
In the case of pimcore, the fopen() function here doesn’t have an error handle when the file doesn’t exist on the server so the server response raises the full path “fopen(/var/www/html/var/tmp/export-{ uniqe id}.csv)”
Patches
Apply patch https://github.com/pimcore/admin-ui-classic-bundle/commit/10d178ef771097604a256c1192b098af9ec57a87.patch
Workarounds
Update to version 1.2.1 or apply patches manually
References
https://huntr.com/bounties/4af4db18-9fd4-43e9-8bc6-c88aaf76839c/
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| pimcore/admin-ui-classic-bundle | lt | 1.2.1 |
References
github.com/advisories/GHSA-c8hj-w239-5gvf
github.com/pimcore/admin-ui-classic-bundle/commit/10d178ef771097604a256c1192b098af9ec57a87
github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-c8hj-w239-5gvf
huntr.com/bounties/4af4db18-9fd4-43e9-8bc6-c88aaf76839c/
nvd.nist.gov/vuln/detail/CVE-2023-47636
Related
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
7.7 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
20.7%