CVE-2023-48362 - Vulnerability Details - OpenCVE

XXE in the XML Format Plugin in Apache Drill version 1.19.0 and greater allows a user to read any file on a remote file system or execute commands via a malicious XML file. Users are recommended to upgrade to version 1.21.2, which fixes this issue.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apache	Drill

Configuration 1 [-]

cpe:2.3:a:apache:drill:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2024/07/24/3
https://lists.apache.org/thread/9tt0q4bdjwgw0dz0l9knqxjnpb5y6zsl

History

Tue, 10 Sep 2024 17:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Apache Apache drill
CPEs		cpe:2.3:a:apache:drill::::::::
Vendors & Products		Apache Apache drill
Metrics	cvssV3_1 `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}`	cvssV3_1 `{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: apache

Published: 2024-07-24T07:45:43.686Z

Updated: 2025-02-13T17:18:17.319Z

Reserved: 2023-11-15T16:43:39.065Z

Link: CVE-2023-48362

Vulnrichment

Updated: 2024-08-02T21:30:34.449Z

NVD

Status : Modified

Published: 2024-07-24T08:15:02.627

Modified: 2024-11-21T08:31:34.127

Link: CVE-2023-48362

Redhat

No data.

{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2023-48362", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2023-11-15T16:43:39.065Z", "datePublished": "2024-07-24T07:45:43.686Z", "dateUpdated": "2025-02-13T17:18:17.319Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://repo.maven.apache.org/maven2", "defaultStatus": "unaffected", "packageName": "org.apache.drill.contrib:drill-format-xml", "product": "Apache Drill", "vendor": "Apache Software Foundation", "versions": [{"lessThan": "1.21.2", "status": "affected", "version": "1.19.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Yuzhe Huang"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "XXE in the XML Format Plugin in Apache Drill version 1.19.0 and greater allows a user to read any file on a remote file system or execute commands via a malicious XML file.<br>Users are recommended to upgrade to version 1.21.2, which fixes this issue."}], "value": "XXE in the XML Format Plugin in Apache Drill version 1.19.0 and greater allows a user to read any file on a remote file system or execute commands via a malicious XML file.\nUsers are recommended to upgrade to version 1.21.2, which fixes this issue."}], "metrics": [{"other": {"content": {"text": "moderate"}, "type": "Textual description of severity"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-611", "description": "CWE-611 Improper Restriction of XML External Entity Reference", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2024-07-24T07:50:06.577Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://lists.apache.org/thread/9tt0q4bdjwgw0dz0l9knqxjnpb5y6zsl"}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/24/3"}], "source": {"defect": ["DRILL-8461"], "discovery": "UNKNOWN"}, "title": "Apache Drill: XXE Vulnerability in XML Format Reader", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"affected": [{"vendor": "apache_software_foundation", "product": "apache_drill", "cpes": ["cpe:2.3:a:apache_software_foundation:apache_drill:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.19.0", "status": "affected", "lessThan": "1.21.2", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-07-24T13:04:19.086305Z", "id": "CVE-2023-48362", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-24T13:10:24.774Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T21:30:34.449Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.apache.org/thread/9tt0q4bdjwgw0dz0l9knqxjnpb5y6zsl"}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/24/3", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.apache.org/thread/9tt0q4bdjwgw0dz0l9knqxjnpb5y6zsl", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/24/3", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T21:30:34.449Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-48362", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-07-24T13:04:19.086305Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:apache_software_foundation:apache_drill:*:*:*:*:*:*:*:*"], "vendor": "apache_software_foundation", "product": "apache_drill", "versions": [{"status": "affected", "version": "1.19.0", "lessThan": "1.21.2", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-24T13:10:19.248Z"}}], "cna": {"title": "Apache Drill: XXE Vulnerability in XML Format Reader", "source": {"defect": ["DRILL-8461"], "discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Yuzhe Huang"}], "metrics": [{"other": {"type": "Textual description of severity", "content": {"text": "moderate"}}}], "affected": [{"vendor": "Apache Software Foundation", "product": "Apache Drill", "versions": [{"status": "affected", "version": "1.19.0", "lessThan": "1.21.2", "versionType": "semver"}], "packageName": "org.apache.drill.contrib:drill-format-xml", "collectionURL": "https://repo.maven.apache.org/maven2", "defaultStatus": "unaffected"}], "references": [{"url": "https://lists.apache.org/thread/9tt0q4bdjwgw0dz0l9knqxjnpb5y6zsl", "tags": ["vendor-advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/24/3"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "XXE in the XML Format Plugin in Apache Drill version 1.19.0 and greater allows a user to read any file on a remote file system or execute commands via a malicious XML file.\nUsers are recommended to upgrade to version 1.21.2, which fixes this issue.", "supportingMedia": [{"type": "text/html", "value": "XXE in the XML Format Plugin in Apache Drill version 1.19.0 and greater allows a user to read any file on a remote file system or execute commands via a malicious XML file.<br>Users are recommended to upgrade to version 1.21.2, which fixes this issue.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-611", "description": "CWE-611 Improper Restriction of XML External Entity Reference"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2024-07-24T07:45:43.686Z"}}}, "cveMetadata": {"cveId": "CVE-2023-48362", "state": "PUBLISHED", "dateUpdated": "2024-08-02T21:30:34.449Z", "dateReserved": "2023-11-15T16:43:39.065Z", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "datePublished": "2024-07-24T07:45:43.686Z", "assignerShortName": "apache"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:drill:*:*:*:*:*:*:*:*", "matchCriteriaId": "6FE11D94-68CA-4BCF-AB90-E2354EA913F3", "versionEndExcluding": "1.21.2", "versionStartIncluding": "1.9.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "XXE in the XML Format Plugin in Apache Drill version 1.19.0 and greater allows a user to read any file on a remote file system or execute commands via a malicious XML file.\nUsers are recommended to upgrade to version 1.21.2, which fixes this issue."}, {"lang": "es", "value": "XXE en el complemento de formato XML en Apache Drill versi\u00f3n 1.19.0 y superior permite al usuario leer cualquier archivo en un sistema de archivos remoto o ejecutar comandos a trav\u00e9s de un archivo XML malicioso. Se recomienda a los usuarios actualizar a la versi\u00f3n 1.21.2, que soluciona este problema."}], "id": "CVE-2023-48362", "lastModified": "2024-11-21T08:31:34.127", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-07-24T08:15:02.627", "references": [{"source": "security@apache.org", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2024/07/24/3"}, {"source": "security@apache.org", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.apache.org/thread/9tt0q4bdjwgw0dz0l9knqxjnpb5y6zsl"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2024/07/24/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.apache.org/thread/9tt0q4bdjwgw0dz0l9knqxjnpb5y6zsl"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-611"}], "source": "security@apache.org", "type": "Secondary"}]}