CVE-2019-18213

Опубликовано: 23 окт. 2019

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

XML Language Server (aka lsp4xml) before 0.9.1, as used in Red Hat XML Language Support (aka vscode-xml) before 0.9.1 for Visual Studio and other products, allows XXE via a crafted XML document, with resultant SSRF (as well as SMB connection initiation that can lead to NetNTLM challenge/response capture for password cracking). This occurs in extensions/contentmodel/participants/diagnostics/LSPXMLParserConfiguration.java.

Ссылки

https://github.com/angelozerr/lsp4xml/
Product
https://github.com/angelozerr/lsp4xml/blob/master/CHANGELOG.md#others
Release Notes
Third Party Advisory
https://github.com/angelozerr/lsp4xml/pull/566
Patch
Third Party Advisory
https://github.com/redhat-developer/vscode-xml/
Patch
Third Party Advisory
https://marketplace.visualstudio.com/items?itemName=redhat.vscode-xml
Third Party Advisory
https://www.shielder.it/blog/dont-open-that-xml-xxe-to-rce-in-xml-plugins-for-vs-code-eclipse-theia/
Exploit
Third Party Advisory
https://github.com/angelozerr/lsp4xml/
Product
https://github.com/angelozerr/lsp4xml/blob/master/CHANGELOG.md#others
Release Notes
Third Party Advisory
https://github.com/angelozerr/lsp4xml/pull/566
Patch
Third Party Advisory
https://github.com/redhat-developer/vscode-xml/
Patch
Third Party Advisory
https://marketplace.visualstudio.com/items?itemName=redhat.vscode-xml
Third Party Advisory
https://www.shielder.it/blog/dont-open-that-xml-xxe-to-rce-in-xml-plugins-for-vs-code-eclipse-theia/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:xml_language_server_project:xml_server_project:*:*:*:*:*:*:*:*

Версия до 0.9.1 (исключая)

Конфигурация 2

cpe:2.3:a:eclipse:wild_web_developer:-:*:*:*:*:*:*:*

Конфигурация 3

cpe:2.3:a:theia_xml_extension_project:theia_xml_extension:-:*:*:*:*:*:*:*

EPSS

Процентиль: 69%

0.00592

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-611

Связанные уязвимости

GHSA-8whm-fx4q-45xx