CVE-2019-17572 - Vulnerability Details - OpenCVE

In Apache RocketMQ 4.2.0 to 4.6.0, when the automatic topic creation in the broker is turned on by default, an evil topic like “../../../../topic2020” is sent from rocketmq-client to the broker, a topic folder will be created in the parent directory in brokers, which leads to a directory traversal vulnerability. Users of the affected versions should apply one of the following: Upgrade to Apache RocketMQ 4.6.1 or later.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apache	Rocketmq

Configuration 1 [-]

cpe:2.3:a:apache:rocketmq:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://lists.apache.org/thread.html/fdea1c5407da47a17d5522fa149a097cacded1916c1c1534d46edc6d%40%3Cprivate.rocketmq.apache.org%3E
https://seclists.org/oss-sec/2020/q2/112

History

No history.

MITRE

Status: PUBLISHED

Assigner: apache

Published: 2020-05-14T16:10:48

Updated: 2024-08-05T01:40:15.813Z

Reserved: 2019-10-14T00:00:00

Link: CVE-2019-17572

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-05-14T17:15:11.977

Modified: 2024-11-21T04:32:33.843

Link: CVE-2019-17572

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Apache RocketMQ", "vendor": "n/a", "versions": [{"status": "affected", "version": "Apache RocketMQ 4.2.0 to 4.6.0"}]}], "descriptions": [{"lang": "en", "value": "In Apache RocketMQ 4.2.0 to 4.6.0, when the automatic topic creation in the broker is turned on by default, an evil topic like \u201c../../../../topic2020\u201d is sent from rocketmq-client to the broker, a topic folder will be created in the parent directory in brokers, which leads to a directory traversal vulnerability. Users of the affected versions should apply one of the following: Upgrade to Apache RocketMQ 4.6.1 or later."}], "problemTypes": [{"descriptions": [{"description": "Directory Traversal (Local File Inclusion)", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-05-14T16:10:48", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://lists.apache.org/thread.html/fdea1c5407da47a17d5522fa149a097cacded1916c1c1534d46edc6d%40%3Cprivate.rocketmq.apache.org%3E"}, {"tags": ["x_refsource_MISC"], "url": "https://seclists.org/oss-sec/2020/q2/112"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@apache.org", "ID": "CVE-2019-17572", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Apache RocketMQ", "version": {"version_data": [{"version_value": "Apache RocketMQ 4.2.0 to 4.6.0"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Apache RocketMQ 4.2.0 to 4.6.0, when the automatic topic creation in the broker is turned on by default, an evil topic like \u201c../../../../topic2020\u201d is sent from rocketmq-client to the broker, a topic folder will be created in the parent directory in brokers, which leads to a directory traversal vulnerability. Users of the affected versions should apply one of the following: Upgrade to Apache RocketMQ 4.6.1 or later."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Directory Traversal (Local File Inclusion)"}]}]}, "references": {"reference_data": [{"name": "https://lists.apache.org/thread.html/fdea1c5407da47a17d5522fa149a097cacded1916c1c1534d46edc6d%40%3Cprivate.rocketmq.apache.org%3E", "refsource": "MISC", "url": "https://lists.apache.org/thread.html/fdea1c5407da47a17d5522fa149a097cacded1916c1c1534d46edc6d%40%3Cprivate.rocketmq.apache.org%3E"}, {"name": "https://seclists.org/oss-sec/2020/q2/112", "refsource": "MISC", "url": "https://seclists.org/oss-sec/2020/q2/112"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T01:40:15.813Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://lists.apache.org/thread.html/fdea1c5407da47a17d5522fa149a097cacded1916c1c1534d46edc6d%40%3Cprivate.rocketmq.apache.org%3E"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://seclists.org/oss-sec/2020/q2/112"}]}]}, "cveMetadata": {"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2019-17572", "datePublished": "2020-05-14T16:10:48", "dateReserved": "2019-10-14T00:00:00", "dateUpdated": "2024-08-05T01:40:15.813Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:rocketmq:*:*:*:*:*:*:*:*", "matchCriteriaId": "970873B2-A607-4664-9DE0-9CC25747E185", "versionEndIncluding": "4.6.0", "versionStartIncluding": "4.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Apache RocketMQ 4.2.0 to 4.6.0, when the automatic topic creation in the broker is turned on by default, an evil topic like \u201c../../../../topic2020\u201d is sent from rocketmq-client to the broker, a topic folder will be created in the parent directory in brokers, which leads to a directory traversal vulnerability. Users of the affected versions should apply one of the following: Upgrade to Apache RocketMQ 4.6.1 or later."}, {"lang": "es", "value": "En Apache RocketMQ versiones 4.2.0 hasta 4.6.0, cuando la creaci\u00f3n autom\u00e1tica de temas en el agente est\u00e1 activada por defecto, un tema maligno como \"../../../../topic2020\" es enviado desde rocketmq-client para el agente, una carpeta de temas ser\u00e1 creada en el directorio principal en los agentes, lo que conduce a una vulnerabilidad de salto del directorio. Los usuarios de las versiones afectadas deben aplicar lo siguiente: Actualizaci\u00f3n a Apache RocketMQ versi\u00f3n 4.6.1 o posterior."}], "id": "CVE-2019-17572", "lastModified": "2024-11-21T04:32:33.843", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-05-14T17:15:11.977", "references": [{"source": "security@apache.org", "tags": ["Broken Link"], "url": "https://lists.apache.org/thread.html/fdea1c5407da47a17d5522fa149a097cacded1916c1c1534d46edc6d%40%3Cprivate.rocketmq.apache.org%3E"}, {"source": "security@apache.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/oss-sec/2020/q2/112"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://lists.apache.org/thread.html/fdea1c5407da47a17d5522fa149a097cacded1916c1c1534d46edc6d%40%3Cprivate.rocketmq.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/oss-sec/2020/q2/112"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}