Bug 1840862 (CVE-2020-14379)
| Field | Value |
|---|---|
| Summary | CVE-2020-14379 Red Hat AMQ broker: XXE injection in configuration files |
| Product | [Other] Security Response |
| Component | vulnerability |
| Status | NEW |
| Severity | medium |
| Priority | medium |
| Version | unspecified |
| Hardware | All |
| OS | Linux |
| Reporter | Guilherme de Almeida Suckevicz <gsuckevi> |
| Assignee | Nobody <nobody> |
| CC | ataylor, chazlett, dbruscin, ganandan, jbyrne, jochrist, jross, jwon, osushche, tbueno |
| Keywords | Security |
| See Also | https://issues.redhat.com/browse/ENTMQBR-3835 |
| Bug Blocks | 1840360 |
| Doc Text | A flaw was found in broker. An XXE attack can be used in Broker's configuration files, leading to DoS and information disclosure. The highest threat from the vulnerability is to system availability. |

Description
Guilherme de Almeida Suckevicz
2020-05-27 18:12:06 UTC
Acknowledgments:
Name: Oleg Sushchenko

Exploitability Metrics:

Attack Vector Local (AV:L) - The configuration files we are using as our injection are local files. Although the AMQ broker itself is tied to the network stack and there is the possibility of some of the configuration files being dynamically generated, this would require another attack outside the scope of this vulnerability.

Attack Complexity Low (AC:L) - The attack is trivial for a privileged local user; they can alter the configuration at will.

Privileges Required High (PR:H) - The configuration files must be altered by a user with equal or higher privileges to which the AMQ broker itself runs; these are privileges that could be described as significant or administrative.

User Interaction None (UI:N) - A user does not need to be coerced into performing any action for this flaw; an attacker can expect to be successful if the AMQ broker reads modified configuration XML.

Scope Unchanged (S:U) - The attacker will not be able to change elements outside of the security scope; for example, an attacker will be unable to escape the scope of the executing JVM solely due to this flaw.

Impact Metrics:

Confidentiality Low (C:L) - We think the confidentiality is low, as although any files can be targeted by ex-filtration, in reality this is limited to a smaller subset of files, which
*) Are accessible under the same privileges as the executing JVM
*) Are not special files
*) Assuming low attack complexity, files with special characters or newlines can not be ex-filtrated
*) Depending on error handling, enumeration of files is not possible

Integrity Low (I:L) - SSRF via XXE is generally possible and why integrity impact is not none; however, there are mitigating circumstances outside the attacker's control, such as what other unauthenticated services are accessible. It is not possible to directly edit files with the XXE vulnerability without relying on other mechanisms outside the flaw at the low attack complexity.

Availability Low (A:H) - A malicious XML configuration file can deny access to that instance of the broker and will constitute a total loss of availability for the service as data durability, load balancing and broker clustering are features we can expect are in use, denying access to one broker may in some circumstances mean a total and persistent service (messaging) outage.
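
An added example, not part of the bug report or of any vendor fix: a pre-load audit that flags DOCTYPE and entity declarations in a broker configuration file without resolving them, which is the construct the XXE described above depends on. The function names and both sample documents are constructed for illustration, and the check assumes the configuration files have no legitimate need for a DTD.

```python
import xml.parsers.expat as expat

# Constructed sample inputs (not taken from any real broker configuration).
CLEAN = b"""<?xml version="1.0"?>
<configuration><core><name>broker-a</name></core></configuration>"""

SUSPECT = b"""<?xml version="1.0"?>
<!DOCTYPE configuration [
  <!ENTITY ext SYSTEM "file:///CONSTRUCTED/placeholder">
  <!ENTITY pad "aaaa">
]>
<configuration><core><name>&ext;&pad;</name></core></configuration>"""


def audit_config_xml(data: bytes) -> list:
    """Return (kind, name, system_id) findings for DTD constructs in data."""
    findings = []
    parser = expat.ParserCreate()
    # Never load an external DTD subset or parameter entities while auditing.
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)

    def on_doctype(name, system_id, public_id, has_internal_subset):
        findings.append(("doctype", name, system_id))

    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        # value is None for external entities; system_id is None for internal ones.
        kind = "external-entity" if value is None else "internal-entity"
        findings.append((kind, name, system_id))

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    # With a plain DefaultHandler, expat hands entity references in element
    # content to the handler instead of expanding them. No
    # ExternalEntityRefHandler is installed, so nothing is fetched.
    parser.DefaultHandler = lambda text: None
    try:
        parser.Parse(data, True)
    except expat.ExpatError as exc:
        findings.append(("parse-error", str(exc), None))
    return findings


def safe_to_load(data: bytes) -> bool:
    """Policy assumed here: any DTD construct or parse error blocks loading."""
    return not audit_config_xml(data)
```
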