fkie_cve-2016-10533
Vulnerability from fkie_nvd
Published
2018-05-31 20:29
Modified
2024-11-21 02:44
Severity ?
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
express-restify-mongoose is a module to easily create a flexible REST interface for mongoose models. express-restify-mongoose 2.4.2 and earlier and 3.0.X through 3.0.1 allows a malicious user to send a request for `GET /User?distinct=password` and get all the passwords for all the users in the database, despite the field being set to private. This can be used for other private data if the malicious user knew what was set as private for specific routes.
References
support@hackerone.comhttps://github.com/florianholzapfel/express-restify-mongoose/issues/252Issue Tracking, Third Party Advisory
support@hackerone.comhttps://nodesecurity.io/advisories/92Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/florianholzapfel/express-restify-mongoose/issues/252Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://nodesecurity.io/advisories/92Exploit, Third Party Advisory
Impacted products
Vendor Product Version
express-restify-mongoose_project express-restify-mongoose *
express-restify-mongoose_project express-restify-mongoose *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:express-restify-mongoose_project:express-restify-mongoose:*:*:*:*:*:node.js:*:*",
              "matchCriteriaId": "180B3984-F012-4A58-9A33-DF93C5E0F805",
              "versionEndIncluding": "2.4.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:express-restify-mongoose_project:express-restify-mongoose:*:*:*:*:*:node.js:*:*",
              "matchCriteriaId": "0B2650DA-6D3C-4C9B-ACDA-847653549554",
              "versionEndIncluding": "3.0.1",
              "versionStartIncluding": "3.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "express-restify-mongoose is a module to easily create a flexible REST interface for mongoose models. express-restify-mongoose 2.4.2 and earlier and 3.0.X through 3.0.1 allows a malicious user to send a request for `GET /User?distinct=password` and get all the passwords for all the users in the database, despite the field being set to private. This can be used for other private data if the malicious user knew what was set as private for specific routes."
    },
    {
      "lang": "es",
      "value": "express-restify-mongoose es un modulo para crear f\u00e1cilmente una interfaz REST flexible para modelos mongoose. express-restify-mongoose en versiones 2.4.2 y anteriores y versiones 3.0.X hasta la 3.0.1 permite que un usuario malicioso env\u00ede una petici\u00f3n para \"GET /User?distinct=password\" y obtenga todas las contrase\u00f1as de todos los usuarios de la base de datos, aunque el campo est\u00e9 marcado como privado. Esto puede emplearse para otro tipo de datos privados si el usuario malicioso sabe qu\u00e9 se marca como privado en rutas espec\u00edficas."
    }
  ],
  "id": "CVE-2016-10533",
  "lastModified": "2024-11-21T02:44:12.980",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-05-31T20:29:01.110",
  "references": [
    {
      "source": "support@hackerone.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://github.com/florianholzapfel/express-restify-mongoose/issues/252"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://nodesecurity.io/advisories/92"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://github.com/florianholzapfel/express-restify-mongoose/issues/252"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://nodesecurity.io/advisories/92"
    }
  ],
  "sourceIdentifier": "support@hackerone.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "support@hackerone.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.