CVE-2019-14749

{"id": "CVE-2019-14749", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2019-08-07T17:15:12.480", "references": [{"url": "http://packetstormsecurity.com/files/154004/osTicket-1.12-Formula-Injection.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://github.com/osTicket/osTicket/commit/99818486c5b1d8aa445cee232825418d6834f249", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/osTicket/osTicket/releases/tag/v1.10.7", "tags": ["Release Notes", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/osTicket/osTicket/releases/tag/v1.12.1", "tags": ["Release Notes", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/47225", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-1236"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. CSV (aka Formula) injection exists in the export spreadsheets functionality. These spreadsheets are generated dynamically from unvalidated or unfiltered user input in the Name and Internal Notes fields in the Users tab, and the Issue Summary field in the tickets tab. This allows other agents to download data in a .csv file format or .xls file format. This is used as input for spreadsheet applications such as Excel and OpenOffice Calc, resulting in a situation where cells in the spreadsheets can contain input from an untrusted source. As a result, the end user who is accessing the exported spreadsheet can be affected."}, {"lang": "es", "value": "Se detect\u00f3 un problema en osTicket versiones anteriores a 1.10.7 y versiones 1.12.x anteriores a 1.12.1. Una inyecci\u00f3n CSV (tambi\u00e9n se conoce como Formula) se presenta en la funcionalidad export spreadsheets. Estas hojas de c\u00e1lculo se generan din\u00e1micamente a partir de la entrada de usuario no comprobada o no filtrada en los campos Name y Internal Notes de la pesta\u00f1a Users y el campo Issue Summary de la pesta\u00f1a Tickets. Esto permite a otros agentes descargar datos en formato de archivo .csv o .xls. Esto es usado como entrada para aplicaciones de hoja de c\u00e1lculo como Excel y OpenOffice Calc, lo que resulta en una situaci\u00f3n en la que las celdas de las hojas de c\u00e1lculo pueden contener entradas de una fuente no confiable. Como resultado, el usuario final que accede a la hoja de c\u00e1lculo exportada puede estar afectado."}], "lastModified": "2020-08-24T17:37:01.140", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:osticket:osticket:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2D6B0B54-FE0E-41EB-953D-6A72FFB7B724", "versionEndExcluding": "1.10.7"}, {"criteria": "cpe:2.3:a:osticket:osticket:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4874A3A8-A938-4E25-B01A-5366E34B2A28", "versionEndExcluding": "1.12.1", "versionStartIncluding": "1.12"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}