Published on August 4th, 2019 📆 | 4873 Views ⚑
0Magento up to 2.1.17/2.2.8/2.3.1 Elastic Search Config Remote Code Execution
CVSS Meta Temp Score | Current Exploit Price (β) |
---|---|
6.0 | $0-$5k |
A vulnerability, which was classified as critical, was found in Magento up to 2.1.17/2.2.8/2.3.1. Affected is an unknown part of the component Elastic Search. The manipulation as part of a Config leads to a privilege escalation vulnerability (Code Execution). CWE is classifying the issue as CWE-269. This is going to have an impact on confidentiality, integrity, and availability.
The weakness was disclosed 08/02/2019. The advisory is available at magento.com. This vulnerability is traded as CVE-2019-7885 since 02/12/2019. It is possible to launch the attack remotely. A single authentication is required for exploitation. The technical details are unknown and an exploit is not available.
Upgrading to version 2.1.18, 2.2.9 or 2.3.2 eliminates this vulnerability.
The entries 139403, 139404, 139412 and 139413 are pretty similar.
Name
VulDB Meta Base Score: 6.3
VulDB Meta Temp Score: 6.0
VulDB Base Score: 6.3
VulDB Temp Score: 6.0
VulDB Vector: π
VulDB Reliability: π
AV | AC | Au | C | I | A |
---|---|---|---|---|---|
π | π | π | π | π | π |
π | π | π | π | π | π |
π | π | π | π | π | π |
Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
---|---|---|---|---|---|
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: π
VulDB Temp Score: π
VulDB Reliability: π
Class: Privilege escalation / Code Execution (CWE-269)
Local: No
Remote: Yes
Availability: π
Status: Not defined
Price Prediction: π
Current Price Estimation: π
0-Day | unlock | unlock | unlock | unlock |
---|---|---|---|---|
Today | unlock | unlock | unlock | unlock |
Threat Intelligence
Threat: π
Adversaries: π
Geopolitics: π
Economy: π
Predictions: π
Remediation: πRecommended: Upgrade
Status: π
0-Day Time: π
Upgrade: Magento 2.1.18/2.2.9/2.3.2
02/12/2019 CVE assigned
08/02/2019 Advisory disclosed
08/04/2019 VulDB entry created
08/04/2019 VulDB last updateAdvisory: magento.com
CVE: CVE-2019-7885 (π)
See also: π
Created: 08/04/2019 07:38 AM
Complete: π
Comments
Download the whitepaper to learn more about our service!
https://vuldb.com/?id.139422
No comments yet. Please log in to comment.