CVE-2020-10289

Use of unsafe yaml load. Allows instantiation of arbitrary objects. The flaw itself is caused by an unsafe parsing of YAML values which happens whenever an action message is processed to be sent, and allows for the creation of Python objects. Through this flaw in the ROS core package of actionlib, an attacker with local or remote access can make the ROS Master, execute arbitrary code in Python form. Consider yaml.safe_load() instead. Located first in actionlib/tools/library.py:132. See links for more info on the bug.

CVSS v3 8.8 HIGH
CVSS v2.0 6.5 MEDIUM

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://github.com/ros/actionlib/pull/171	Patch Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:o:openrobotics:robot_operating_system:-:*:*:*:*:*:*:*

History

20 Dec 2021, 22:30

Type	Values Removed	Values Added
References	~~(CONFIRM) https://github.com/ros/actionlib/pull/171 - Third Party Advisory~~	(CONFIRM) https://github.com/ros/actionlib/pull/171 - Patch, Third Party Advisory
CWE	~~CWE-20~~	CWE-502

Information

Published : 2020-08-20 08:15

Updated : 2023-12-10 13:27

NVD link : CVE-2020-10289

Mitre link : CVE-2020-10289

CVE.ORG link : CVE-2020-10289

JSON object : View

Products Affected

openrobotics

robot_operating_system

CWE

CWE-502

Deserialization of Untrusted Data

CWE-20

Improper Input Validation

{"id": "CVE-2020-10289", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "cve@aliasrobotics.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.0, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.1}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2020-08-20T08:15:10.357", "references": [{"url": "https://github.com/ros/actionlib/pull/171", "tags": ["Patch", "Third Party Advisory"], "source": "cve@aliasrobotics.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-502"}]}, {"type": "Secondary", "source": "cve@aliasrobotics.com", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Use of unsafe yaml load. Allows instantiation of arbitrary objects. The flaw itself is caused by an unsafe parsing of YAML values which happens whenever an action message is processed to be sent, and allows for the creation of Python objects. Through this flaw in the ROS core package of actionlib, an attacker with local or remote access can make the ROS Master, execute arbitrary code in Python form. Consider yaml.safe_load() instead. Located first in actionlib/tools/library.py:132. See links for more info on the bug."}, {"lang": "es", "value": "El uso de una carga de yaml no segura. Permite la creaci\u00f3n de instancias de objetos arbitrarios. El fallo en s\u00ed es causado por un an\u00e1lisis no seguro de los valores YAML que ocurre cada vez que un mensaje de acci\u00f3n es procesado para ser enviado y permite la creaci\u00f3n de objetos de Python. A trav\u00e9s de este fallo en el paquete central ROS de actionlib, un atacante con acceso local o remoto puede hacer que ROS Master, ejecute c\u00f3digo arbitrario en un formulario de Python. Considere en su lugar la funci\u00f3n yaml.safe_load(). Ubicada primero en la biblioteca actionlib/tools/library.py:132. Consulte los enlaces para m\u00e1s informaci\u00f3n sobre el error."}], "lastModified": "2021-12-20T22:30:26.970", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:openrobotics:robot_operating_system:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BFEE12D7-4A38-466E-B8E0-D0FADBC00CE4"}], "operator": "OR"}]}], "sourceIdentifier": "cve@aliasrobotics.com"}