Bug 1869682 (CVE-2019-0233)

Summary: CVE-2019-0233 struts2: access permission override when performing a file upload leads to DoS
Product: [Other] Security Response Reporter: Guilherme de Almeida Suckevicz <gsuckevi>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED WONTFIX QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: aboyko, aileenc, asoldano, atangrin, bbaranow, bmaxwell, brian.stansberry, cdewolf, chazlett, darran.lofthouse, darunesh, dbecker, dbhole, dkreling, dosoudil, eleandro, extras-orphan, gvarsami, iweiss, java-sig-commits, jawilson, jcoleman, jjelen, jjoyce, jochrist, jperkins, jschluet, jwon, kbasil, kconner, krathod, kwills, ldimaggi, lgao, lhh, loleary, lpeer, mburns, mkolesni, mmraka, msochure, msvehla, nwallace, pjindal, pmackay, psotirop, puntogil, rguimara, rstancel, rsvoboda, rwagner, sclewis, scohen, slinaber, smaestri, spinder, tcunning, theute, tkirby, tom.jenkinson, yozone
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-09-02 13:17:54 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1869453    

Description Guilherme de Almeida Suckevicz 2020-08-18 13:31:48 UTC 
When a file upload is performed to an Action that exposes the file with a getter, an attacker may manipulate the request such that the working copy of the uploaded file is set to read-only. As a result, subsequent actions on the file will fail with an error. It might also be possible to set the Servlet container's temp directory to read only, such that subsequent upload actions will fail.

Reference:
https://cwiki.apache.org/confluence/display/WW/S2-060
Comment 1 Dhananjay Arunesh 2020-08-27 10:39:37 UTC 
*** Bug 1872550 has been marked as a duplicate of this bug. ***
Comment 2 Product Security DevOps Team 2020-09-02 13:17:54 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-0233