CVE-2023-49297

PyDrive2 is a wrapper library of google-api-python-client that simplifies many common Google Drive API V2 tasks. Unsafe YAML deserilization will result in arbitrary code execution. A maliciously crafted YAML file can cause arbitrary code execution if PyDrive2 is run in the same directory as it, or if it is loaded in via `LoadSettingsFile`. This is a deserilization attack that will affect any user who initializes GoogleAuth from this package while a malicious yaml file is present in the same directory. This vulnerability does not require the file to be directly loaded through the code, only present. This issue has been addressed in commit `c57355dc` which is included in release version `1.16.2`. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/iterative/PyDrive2/commit/c57355dc2033ad90b7050d681b2c3ba548ff0004	Patch
https://github.com/iterative/PyDrive2/security/advisories/GHSA-v5f6-hjmf-9mc5	Exploit Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CYR5SJKOFSSXFV3E3D2SLXBUBA5WMJJG/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K34YWTDKBAYWZPOAKBYDM72WIFL5CAYW/

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:iterative:pydrive2::::::::
	cpe:2.3:a:iterative:pydrive2:1.17.0:::::::*

History

No history.

Information

Published : 2023-12-05 21:15

Updated : 2023-12-16 02:15

NVD link : CVE-2023-49297

Mitre link : CVE-2023-49297

CVE.ORG link : CVE-2023-49297

JSON object : View

Products Affected

iterative

pydrive2

CWE

CWE-502

Deserialization of Untrusted Data

{"id": "CVE-2023-49297", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.8}]}, "published": "2023-12-05T21:15:07.460", "references": [{"url": "https://github.com/iterative/PyDrive2/commit/c57355dc2033ad90b7050d681b2c3ba548ff0004", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/iterative/PyDrive2/security/advisories/GHSA-v5f6-hjmf-9mc5", "tags": ["Exploit", "Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CYR5SJKOFSSXFV3E3D2SLXBUBA5WMJJG/", "source": "security-advisories@github.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K34YWTDKBAYWZPOAKBYDM72WIFL5CAYW/", "source": "security-advisories@github.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-502"}]}], "descriptions": [{"lang": "en", "value": "PyDrive2 is a wrapper library of google-api-python-client that simplifies many common Google Drive API V2 tasks. Unsafe YAML deserilization will result in arbitrary code execution. A maliciously crafted YAML file can cause arbitrary code execution if PyDrive2 is run in the same directory as it, or if it is loaded in via `LoadSettingsFile`. This is a deserilization attack that will affect any user who initializes GoogleAuth from this package while a malicious yaml file is present in the same directory. This vulnerability does not require the file to be directly loaded through the code, only present. This issue has been addressed in commit `c57355dc` which is included in release version `1.16.2`. Users are advised to upgrade. There are no known workarounds for this vulnerability."}, {"lang": "es", "value": "PyDrive2 es una librer\u00eda contenedora de google-api-python-client que simplifica muchas tareas comunes de la API V2 de Google Drive. La deserilizaci\u00f3n insegura de YAML dar\u00e1 como resultado la ejecuci\u00f3n de c\u00f3digo arbitrario. Un archivo YAML creado con fines malintencionados puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario si PyDrive2 se ejecuta en el mismo directorio que \u00e9l o si se carga a trav\u00e9s de `LoadSettingsFile`. Este es un ataque de deserilizaci\u00f3n que afectar\u00e1 a cualquier usuario que inicialice GoogleAuth desde este paquete mientras hay un archivo yaml malicioso presente en el mismo directorio. Esta vulnerabilidad no requiere que el archivo se cargue directamente a trav\u00e9s del c\u00f3digo, solo est\u00e1 presente. Este problema se solucion\u00f3 en el commit \"c57355dc\" que se incluye en la versi\u00f3n \"1.16.2\". Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."}], "lastModified": "2023-12-16T02:15:07.680", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:iterative:pydrive2:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53E86B23-9C4F-4FB7-BE8F-49052254EBBC", "versionEndExcluding": "1.16.2"}, {"criteria": "cpe:2.3:a:iterative:pydrive2:1.17.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA838A52-5ADC-43BC-B0DC-41C95E7F18B2"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}