{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-35219", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-05-14T15:39:41.783Z", "datePublished": "2024-05-27T16:11:22.875Z", "dateUpdated": "2024-08-02T03:07:46.738Z"}, "containers": {"cna": {"title": "OpenAPI Generator Online - Arbitrary File Read/Delete", "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "lang": "en", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/OpenAPITools/openapi-generator/security/advisories/GHSA-g3hr-p86p-593h", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/OpenAPITools/openapi-generator/security/advisories/GHSA-g3hr-p86p-593h"}, {"name": "https://github.com/OpenAPITools/openapi-generator/pull/18652", "tags": ["x_refsource_MISC"], "url": "https://github.com/OpenAPITools/openapi-generator/pull/18652"}, {"name": "https://github.com/OpenAPITools/openapi-generator/commit/edbb021aadae47dcfe690313ce5119faf77f800d", "tags": ["x_refsource_MISC"], "url": "https://github.com/OpenAPITools/openapi-generator/commit/edbb021aadae47dcfe690313ce5119faf77f800d"}], "affected": [{"vendor": "OpenAPITools", "product": "openapi-generator", "versions": [{"version": "< 7.6.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-05-27T16:11:22.875Z"}, "descriptions": [{"lang": "en", "value": "OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Prior to version 7.6.0, attackers can exploit a path traversal vulnerability to read and delete files and folders from an arbitrary, writable directory as anyone can set the output folder when submitting the request via the `outputFolder` option. The issue was fixed in version 7.6.0 by removing the usage of the `outputFolder` option. No known workarounds are available."}], "source": {"advisory": "GHSA-g3hr-p86p-593h", "discovery": "UNKNOWN"}}, "adp": [{"affected": [{"vendor": "openapitools", "product": "openapi-generator", "cpes": ["cpe:2.3:a:openapitools:openapi-generator:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "7.6.0", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-05-28T16:27:13.509710Z", "id": "CVE-2024-35219", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-24T17:47:32.952Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T03:07:46.738Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/OpenAPITools/openapi-generator/security/advisories/GHSA-g3hr-p86p-593h", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/OpenAPITools/openapi-generator/security/advisories/GHSA-g3hr-p86p-593h"}, {"name": "https://github.com/OpenAPITools/openapi-generator/pull/18652", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/OpenAPITools/openapi-generator/pull/18652"}, {"name": "https://github.com/OpenAPITools/openapi-generator/commit/edbb021aadae47dcfe690313ce5119faf77f800d", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/OpenAPITools/openapi-generator/commit/edbb021aadae47dcfe690313ce5119faf77f800d"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-35219", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-28T16:27:13.509710Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:openapitools:openapi-generator:*:*:*:*:*:*:*:*"], "vendor": "openapitools", "product": "openapi-generator", "versions": [{"status": "affected", "version": "0", "lessThan": "7.6.0", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-28T16:30:43.588Z"}}], "cna": {"title": "OpenAPI Generator Online - Arbitrary File Read/Delete", "source": {"advisory": "GHSA-g3hr-p86p-593h", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "OpenAPITools", "product": "openapi-generator", "versions": [{"status": "affected", "version": "< 7.6.0"}]}], "references": [{"url": "https://github.com/OpenAPITools/openapi-generator/security/advisories/GHSA-g3hr-p86p-593h", "name": "https://github.com/OpenAPITools/openapi-generator/security/advisories/GHSA-g3hr-p86p-593h", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/OpenAPITools/openapi-generator/pull/18652", "name": "https://github.com/OpenAPITools/openapi-generator/pull/18652", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/OpenAPITools/openapi-generator/commit/edbb021aadae47dcfe690313ce5119faf77f800d", "name": "https://github.com/OpenAPITools/openapi-generator/commit/edbb021aadae47dcfe690313ce5119faf77f800d", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Prior to version 7.6.0, attackers can exploit a path traversal vulnerability to read and delete files and folders from an arbitrary, writable directory as anyone can set the output folder when submitting the request via the `outputFolder` option. The issue was fixed in version 7.6.0 by removing the usage of the `outputFolder` option. No known workarounds are available."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-05-27T16:11:22.875Z"}}}, "cveMetadata": {"cveId": "CVE-2024-35219", "state": "PUBLISHED", "dateUpdated": "2024-07-24T17:47:32.952Z", "dateReserved": "2024-05-14T15:39:41.783Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-05-27T16:11:22.875Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Prior to version 7.6.0, attackers can exploit a path traversal vulnerability to read and delete files and folders from an arbitrary, writable directory as anyone can set the output folder when submitting the request via the `outputFolder` option. The issue was fixed in version 7.6.0 by removing the usage of the `outputFolder` option. No known workarounds are available."}, {"lang": "es", "value": "OpenAPI Generator permite la generaci\u00f3n de librer\u00edas de cliente API (generaci\u00f3n de SDK), c\u00f3digos auxiliares de servidor, documentaci\u00f3n y configuraci\u00f3n autom\u00e1ticamente dada una especificaci\u00f3n OpenAPI. Antes de la versi\u00f3n 7.6.0, los atacantes pod\u00edan aprovechar una vulnerabilidad de path traversal para leer y eliminar archivos y carpetas de un directorio grabable arbitrario, ya que cualquiera pod\u00eda configurar la carpeta de salida al enviar la solicitud a trav\u00e9s de la opci\u00f3n `outputFolder`. El problema se solucion\u00f3 en la versi\u00f3n 7.6.0 eliminando el uso de la opci\u00f3n `outputFolder`. No hay workarounds disponibles."}], "id": "CVE-2024-35219", "lastModified": "2024-11-21T09:19:57.753", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.5, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-05-27T16:15:09.027", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/OpenAPITools/openapi-generator/commit/edbb021aadae47dcfe690313ce5119faf77f800d"}, {"source": "security-advisories@github.com", "url": "https://github.com/OpenAPITools/openapi-generator/pull/18652"}, {"source": "security-advisories@github.com", "url": "https://github.com/OpenAPITools/openapi-generator/security/advisories/GHSA-g3hr-p86p-593h"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/OpenAPITools/openapi-generator/commit/edbb021aadae47dcfe690313ce5119faf77f800d"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/OpenAPITools/openapi-generator/pull/18652"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/OpenAPITools/openapi-generator/security/advisories/GHSA-g3hr-p86p-593h"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{"bugzilla": {"description": "openapi-generator-online: Path traversal via outputFolder option", "id": "2283564", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2283564"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H", "status": "draft"}, "cwe": "CWE-22", "details": ["OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Prior to version 7.6.0, attackers can exploit a path traversal vulnerability to read and delete files and folders from an arbitrary, writable directory as anyone can set the output folder when submitting the request via the `outputFolder` option. The issue was fixed in version 7.6.0 by removing the usage of the `outputFolder` option. No known workarounds are available.", "A flaw was found in OpenAPI generator, where it allows the generation of API client libraries, for example, SDK generation, server stubs, documentation, and configuration, automatically given an OpenAPI Spec. This flaw allows an attacker to cause a path traversal vulnerability to read and delete files and folders from an arbitrary, writable directory, as anyone can set the output folder when submitting the request via the `outputFolder` option."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-35219", "package_state": [{"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Not affected", "package_name": "openapi-generator-online", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Not affected", "package_name": "openapi-generator-online", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:amq_streams:1", "fix_state": "Not affected", "package_name": "openapi-generator-online", "product_name": "streams for Apache Kafka"}], "public_date": "2024-05-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-35219\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-35219"], "statement": "This vulnerability in OpenAPI Generator is classified as Moderate severity due to its potential to be exploited for unauthorized file system access, allowing attackers to perform read and delete operations on files and folders within any writable directory. The impact is mitigated by the requirement that attackers must have the ability to submit requests to the generator, limiting the exploit's feasibility to environments where access controls are already compromised or insufficiently stringent.", "threat_severity": "Moderate"}