CVE-2019-17636

In Eclipse Theia versions 0.3.9 through 0.15.0, one of the default pre-packaged Theia extensions is "Mini-Browser", published as "@theia/mini-browser" on npmjs.com. This extension, for its own needs, exposes a HTTP endpoint that allows to read the content of files on the host's filesystem, given their path, without restrictions on the requester's origin. This design is vulnerable to being exploited remotely through a DNS rebinding attack or a drive-by download of a carefully crafted exploit.

CVSS v3 8.1 HIGH
CVSS v2.0 5.8 MEDIUM

8.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

5.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:N

Exploitability : 8.6 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://bugs.eclipse.org/bugs/show_bug.cgi?id=551747	Exploit Issue Tracking Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:eclipse:theia:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-03-10 15:15

Updated : 2023-12-10 13:13

NVD link : CVE-2019-17636

Mitre link : CVE-2019-17636

CVE.ORG link : CVE-2019-17636

JSON object : View

Products Affected

eclipse

theia

CWE

CWE-345

Insufficient Verification of Data Authenticity

{"id": "CVE-2019-17636", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.8}]}, "published": "2020-03-10T15:15:16.073", "references": [{"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=551747", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "source": "emo@eclipse.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-345"}]}, {"type": "Secondary", "source": "emo@eclipse.org", "description": [{"lang": "en", "value": "CWE-345"}]}], "descriptions": [{"lang": "en", "value": "In Eclipse Theia versions 0.3.9 through 0.15.0, one of the default pre-packaged Theia extensions is \"Mini-Browser\", published as \"@theia/mini-browser\" on npmjs.com. This extension, for its own needs, exposes a HTTP endpoint that allows to read the content of files on the host's filesystem, given their path, without restrictions on the requester's origin. This design is vulnerable to being exploited remotely through a DNS rebinding attack or a drive-by download of a carefully crafted exploit."}, {"lang": "es", "value": "En Eclipse Theia versiones 0.3.9 hasta la versi\u00f3n 0.15.0, una de las extensiones de Theia pre-empaquetadas predeterminadas es \"Mini-Browser\", publicada como \"@theia/mini-browser\" en npmjs.com. Esta extensi\u00f3n, para sus propias necesidades, expone un endpoint HTTP que permite leer el contenido de los archivos en el sistema de archivos del host, entregar su ruta, sin restricciones en el origen del solicitante. Este dise\u00f1o es vulnerable a ser explotado remotamente por medio de un ataque de tipo DNS rebinding o una descarga autom\u00e1tica de una explotaci\u00f3n cuidadosamente dise\u00f1ado."}], "lastModified": "2020-03-11T17:58:18.170", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:eclipse:theia:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1F6DB8A4-6460-4D16-8F2D-80EF235DC616", "versionEndIncluding": "0.15.0", "versionStartIncluding": "0.3.9"}], "operator": "OR"}]}], "sourceIdentifier": "emo@eclipse.org"}