CVE-2024-35219 (GCVE-0-2024-35219)
Vulnerability from cvelistv5
Published
2024-05-27 16:11
Modified
2024-08-02 03:07
Severity ?
8.3 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
CWE
  • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Prior to version 7.6.0, attackers can exploit a path traversal vulnerability to read and delete files and folders from an arbitrary, writable directory as anyone can set the output folder when submitting the request via the `outputFolder` option. The issue was fixed in version 7.6.0 by removing the usage of the `outputFolder` option. No known workarounds are available.
References
security-advisories@github.comhttps://github.com/OpenAPITools/openapi-generator/commit/edbb021aadae47dcfe690313ce5119faf77f800d
security-advisories@github.comhttps://github.com/OpenAPITools/openapi-generator/pull/18652
security-advisories@github.comhttps://github.com/OpenAPITools/openapi-generator/security/advisories/GHSA-g3hr-p86p-593h
af854a3a-2127-422b-91ae-364da2661108https://github.com/OpenAPITools/openapi-generator/commit/edbb021aadae47dcfe690313ce5119faf77f800d
af854a3a-2127-422b-91ae-364da2661108https://github.com/OpenAPITools/openapi-generator/pull/18652
af854a3a-2127-422b-91ae-364da2661108https://github.com/OpenAPITools/openapi-generator/security/advisories/GHSA-g3hr-p86p-593h
Impacted products
Vendor Product Version
OpenAPITools openapi-generator Version: < 7.6.0
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:openapitools:openapi-generator:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "openapi-generator",
            "vendor": "openapitools",
            "versions": [
              {
                "lessThan": "7.6.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35219",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-28T16:27:13.509710Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-24T17:47:32.952Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:07:46.738Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/OpenAPITools/openapi-generator/security/advisories/GHSA-g3hr-p86p-593h",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/OpenAPITools/openapi-generator/security/advisories/GHSA-g3hr-p86p-593h"
          },
          {
            "name": "https://github.com/OpenAPITools/openapi-generator/pull/18652",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/OpenAPITools/openapi-generator/pull/18652"
          },
          {
            "name": "https://github.com/OpenAPITools/openapi-generator/commit/edbb021aadae47dcfe690313ce5119faf77f800d",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/OpenAPITools/openapi-generator/commit/edbb021aadae47dcfe690313ce5119faf77f800d"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "openapi-generator",
          "vendor": "OpenAPITools",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 7.6.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Prior to version 7.6.0, attackers can exploit a path traversal vulnerability to read and delete files and folders from an arbitrary, writable directory as anyone can set the output folder when submitting the request via the `outputFolder` option. The issue was fixed in version 7.6.0 by removing the usage of the `outputFolder` option. No known workarounds are available."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-27T16:11:22.875Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/OpenAPITools/openapi-generator/security/advisories/GHSA-g3hr-p86p-593h",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/OpenAPITools/openapi-generator/security/advisories/GHSA-g3hr-p86p-593h"
        },
        {
          "name": "https://github.com/OpenAPITools/openapi-generator/pull/18652",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/OpenAPITools/openapi-generator/pull/18652"
        },
        {
          "name": "https://github.com/OpenAPITools/openapi-generator/commit/edbb021aadae47dcfe690313ce5119faf77f800d",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/OpenAPITools/openapi-generator/commit/edbb021aadae47dcfe690313ce5119faf77f800d"
        }
      ],
      "source": {
        "advisory": "GHSA-g3hr-p86p-593h",
        "discovery": "UNKNOWN"
      },
      "title": "OpenAPI Generator Online - Arbitrary File Read/Delete"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-35219",
    "datePublished": "2024-05-27T16:11:22.875Z",
    "dateReserved": "2024-05-14T15:39:41.783Z",
    "dateUpdated": "2024-08-02T03:07:46.738Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-35219\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-05-27T16:15:09.027\",\"lastModified\":\"2024-11-21T09:19:57.753\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Prior to version 7.6.0, attackers can exploit a path traversal vulnerability to read and delete files and folders from an arbitrary, writable directory as anyone can set the output folder when submitting the request via the `outputFolder` option. The issue was fixed in version 7.6.0 by removing the usage of the `outputFolder` option. No known workarounds are available.\"},{\"lang\":\"es\",\"value\":\"OpenAPI Generator permite la generaci\u00f3n de librer\u00edas de cliente API (generaci\u00f3n de SDK), c\u00f3digos auxiliares de servidor, documentaci\u00f3n y configuraci\u00f3n autom\u00e1ticamente dada una especificaci\u00f3n OpenAPI. Antes de la versi\u00f3n 7.6.0, los atacantes pod\u00edan aprovechar una vulnerabilidad de path traversal para leer y eliminar archivos y carpetas de un directorio grabable arbitrario, ya que cualquiera pod\u00eda configurar la carpeta de salida al enviar la solicitud a trav\u00e9s de la opci\u00f3n `outputFolder`. El problema se solucion\u00f3 en la versi\u00f3n 7.6.0 eliminando el uso de la opci\u00f3n `outputFolder`. No hay workarounds disponibles.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H\",\"baseScore\":8.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.5}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"references\":[{\"url\":\"https://github.com/OpenAPITools/openapi-generator/commit/edbb021aadae47dcfe690313ce5119faf77f800d\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/OpenAPITools/openapi-generator/pull/18652\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/OpenAPITools/openapi-generator/security/advisories/GHSA-g3hr-p86p-593h\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/OpenAPITools/openapi-generator/commit/edbb021aadae47dcfe690313ce5119faf77f800d\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/OpenAPITools/openapi-generator/pull/18652\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/OpenAPITools/openapi-generator/security/advisories/GHSA-g3hr-p86p-593h\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-35219\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-05-28T16:27:13.509710Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:openapitools:openapi-generator:*:*:*:*:*:*:*:*\"], \"vendor\": \"openapitools\", \"product\": \"openapi-generator\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"7.6.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-05-28T16:30:43.588Z\"}}], \"cna\": {\"title\": \"OpenAPI Generator Online - Arbitrary File Read/Delete\", \"source\": {\"advisory\": \"GHSA-g3hr-p86p-593h\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"OpenAPITools\", \"product\": \"openapi-generator\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 7.6.0\"}]}], \"references\": [{\"url\": \"https://github.com/OpenAPITools/openapi-generator/security/advisories/GHSA-g3hr-p86p-593h\", \"name\": \"https://github.com/OpenAPITools/openapi-generator/security/advisories/GHSA-g3hr-p86p-593h\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/OpenAPITools/openapi-generator/pull/18652\", \"name\": \"https://github.com/OpenAPITools/openapi-generator/pull/18652\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/OpenAPITools/openapi-generator/commit/edbb021aadae47dcfe690313ce5119faf77f800d\", \"name\": \"https://github.com/OpenAPITools/openapi-generator/commit/edbb021aadae47dcfe690313ce5119faf77f800d\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Prior to version 7.6.0, attackers can exploit a path traversal vulnerability to read and delete files and folders from an arbitrary, writable directory as anyone can set the output folder when submitting the request via the `outputFolder` option. The issue was fixed in version 7.6.0 by removing the usage of the `outputFolder` option. No known workarounds are available.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-22\", \"description\": \"CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-05-27T16:11:22.875Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-35219\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-07-24T17:47:32.952Z\", \"dateReserved\": \"2024-05-14T15:39:41.783Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2024-05-27T16:11:22.875Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.