CVE-2021-45448

Pentaho Business Analytics Server versions before 9.2.0.2 and 8.3.0.25 using the Pentaho Analyzer plugin exposes a service endpoint for templates which allows a user-supplied path to access resources that are out of bounds. The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. By using special elements such as ".." and "/" separators, attackers can escape outside of the restricted location to access files or directories that are elsewhere on the system.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://support.pentaho.com/hc/en-us/articles/6744743458701	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:hitachi:vantara_pentaho::::::::
	cpe:2.3:a:hitachi:vantara_pentaho::::::::

History

No history.

Information

Published : 2022-11-02 16:15

Updated : 2023-11-07 03:39

NVD link : CVE-2021-45448

Mitre link : CVE-2021-45448

CVE.ORG link : CVE-2021-45448

JSON object : View

Products Affected

hitachi

vantara_pentaho

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2021-45448", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "security.vulnerabilities@hitachivantara.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.2, "exploitabilityScore": 2.8}]}, "published": "2022-11-02T16:15:09.897", "references": [{"url": "https://support.pentaho.com/hc/en-us/articles/6744743458701", "tags": ["Vendor Advisory"], "source": "security.vulnerabilities@hitachivantara.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}, {"type": "Secondary", "source": "security.vulnerabilities@hitachivantara.com", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Pentaho Business Analytics\n Server versions before 9.2.0.2 and 8.3.0.25 using the Pentaho \nAnalyzer plugin exposes a service endpoint for templates which allows a \nuser-supplied path to access resources that are out of bounds.\u00a0\n\nThe software uses external input to construct a pathname that is intended to identify a file or \ndirectory that is located underneath a restricted parent directory, but the software does not \nproperly neutralize special elements within the pathname that can cause the pathname to \nresolve to a location that is outside of the restricted directory. \u00a0By using special elements such as \n\"..\" and \"/\" separators, attackers can escape outside of the restricted \nlocation to access files or directories that are elsewhere on the \nsystem.\n\n\n\n"}, {"lang": "es", "value": "Las versiones de Pentaho Business Analytics Server anteriores a 9.2.0.2 y 8.3.0.25 que utilizan el complemento Pentaho Analyzer exponen un endpoint de servicio para plantillas que permite una ruta proporcionada por el usuario para acceder a recursos que est\u00e1n fuera de los l\u00edmites. El software utiliza entradas externas para construir un nombre de ruta destinado a identificar un archivo o directorio que se encuentra debajo de un directorio principal restringido, pero el software no neutraliza adecuadamente los elementos especiales dentro del nombre de ruta que pueden hacer que el nombre de ruta se resuelva en una ubicaci\u00f3n que est\u00e1 fuera del directorio restringido. Al utilizar elementos especiales como separadores \"..\" y \"/\", los atacantes pueden escapar de la ubicaci\u00f3n restringida para acceder a archivos o directorios que se encuentran en otras partes del sistema."}], "lastModified": "2023-11-07T03:39:50.680", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hitachi:vantara_pentaho:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB67F45F-D25C-4B85-8819-433D89F3EF1F", "versionEndExcluding": "8.3.0.25", "versionStartIncluding": "8.3.0.0"}, {"criteria": "cpe:2.3:a:hitachi:vantara_pentaho:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "111F5389-BE1D-480F-8229-3EEDF8F6D82A", "versionEndExcluding": "9.2.0.2", "versionStartIncluding": "9.2.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "security.vulnerabilities@hitachivantara.com"}