中危 couchbase bleve 使用候选路径或通道进行的认证绕过
CVE编号
CVE-2022-31022利用情况
暂无补丁情况
官方补丁披露时间
2022-06-02漏洞描述
Bleve is a text indexing library for go. Bleve includes HTTP utilities under bleve/http package, that are used by its sample application. These HTTP methods pave way for exploitation of a node’s filesystem where the bleve index resides, if the user has used bleve’s own HTTP (bleve/http) handlers for exposing the access to the indexes. For instance, the CreateIndexHandler (`http/index_create.go`) and DeleteIndexHandler (`http/index_delete.go`) enable an attacker to create a bleve index (directory structure) anywhere where the user running the server has the write permissions and to delete recursively any directory owned by the same user account. Users who have used the bleve/http package for exposing access to bleve index without the explicit handling for the Role Based Access Controls(RBAC) of the index assets would be impacted by this issue. There is no patch for this issue because the http package is purely intended to be used for demonstration purposes. Bleve was never designed handle the RBACs, nor it was ever advertised to be used in that way. The collaborators of this project have decided to stay away from adding any authentication or authorization to bleve project at the moment. The bleve/http package is mainly for demonstration purposes and it lacks exhaustive validation of the user inputs as well as any authentication and authorization measures. It is recommended to not use bleve/http in production use cases.解决建议
建议您更新当前系统或软件至最新版,完成漏洞的修复。
参考链接 |
|
|---|---|
| https://github.com/blevesearch/bleve/commit/1c7509d6a17d36f265c90b4e8f4e3a3182fe79ff | |
| https://github.com/blevesearch/bleve/security/advisories/GHSA-9w9f-6mg8-jp7w |
受影响软件情况
| # | 类型 | 厂商 | 产品 | 版本 | 影响面 | ||||
| 1 | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| 运行在以下环境 | |||||||||
| 应用 | couchbase | bleve | * | From (including) 0.1.0 | |||||
| 运行在以下环境 | |||||||||
| 系统 | debian_10 | golang-github-blevesearch-bleve | * | Up to (including) 0.5.0+git20170912.278.6eea5b78-4 | |||||
| 运行在以下环境 | |||||||||
| 系统 | debian_11 | golang-github-blevesearch-bleve | * | Up to (including) 0.5.0+git20170912.278.6eea5b78-5 | |||||
| 运行在以下环境 | |||||||||
| 系统 | debian_12 | golang-github-blevesearch-bleve | * | Up to (including) 0.5.0+git20170912.278.6eea5b78-6 | |||||
| 运行在以下环境 | |||||||||
| 系统 | debian_sid | golang-github-blevesearch-bleve | * | Up to (including) 0.5.0+git20170912.278.6eea5b78-6 | |||||
- 攻击路径 本地
- 攻击复杂度 困难
- 权限要求 普通权限
- 影响范围 有限影响
- EXP成熟度 未验证
- 补丁情况 官方补丁
- 数据保密性 无影响
- 数据完整性 N/A
- 服务器危害 无影响
- 全网数量 N/A
| CWE-ID | 漏洞类型 |
| CWE-288 | 使用候选路径或通道进行的认证绕过 |
| CWE-306 | 关键功能的认证机制缺失 |
Exp相关链接
版权声明
本站原创文章转载请注明文章出处及链接,谢谢合作!
评论