Vulnerability CVE-2017-7411

Vulnerability CVE-2017-7411

Published: 2017-10-30

Description:

An issue was discovered in Enalean Tuleap 9.6 and prior versions. The vulnerability exists because the User::getRecentElements() method is using the unserialize() function with a preference value that can be arbitrarily manipulated by malicious users through the REST API interface, and this can be exploited to inject arbitrary PHP objects into the application scope, allowing an attacker to perform a variety of attacks (including but not limited to Remote Code Execution).

Type:

CWE-94

(Improper Control of Generation of Code ('Code Injection'))

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:P/A:P)

CVSS Base Score	Impact Subscore	Exploitability Subscore
6.5/10	6.4/10	8/10

Exploit range	Attack complexity	Authentication
Remote	Low	Single time
Confidentiality impact	Integrity impact	Availability impact
Partial	Partial	Partial

Affected software
Enalean -> Tuleap

References:

http://karmainsecurity.com/KIS-2017-02

http://packetstormsecurity.com/files/144716/Tuleap-9.6-Second-Order-PHP-Object-Injection.html

http://seclists.org/fulldisclosure/2017/Oct/53

http://www.openwall.com/lists/oss-security/2017/10/23/3

https://tuleap.net/plugins/tracker/?aid=10118

https://www.exploit-db.com/exploits/43374/

Copyright 2024, cxsecurity.com