CVE-2019-14749
Vulnerability from cvelistv5
Published: 2019-08-07 16:38
Modified: 2024-08-05 00:26
Summary
An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. CSV (aka Formula) injection exists in the export spreadsheets functionality. These spreadsheets are generated dynamically from unvalidated or unfiltered user input in the Name and Internal Notes fields in the Users tab, and the Issue Summary field in the tickets tab. This allows other agents to download data in a .csv file format or .xls file format. This is used as input for spreadsheet applications such as Excel and OpenOffice Calc, resulting in a situation where cells in the spreadsheets can contain input from an untrusted source. As a result, the end user who is accessing the exported spreadsheet can be affected.
Impacted products
Vendor: n/a
Product: n/a
Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:26:38.362Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/osTicket/osTicket/releases/tag/v1.12.1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/osTicket/osTicket/releases/tag/v1.10.7"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/osTicket/osTicket/commit/99818486c5b1d8aa445cee232825418d6834f249"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/154004/osTicket-1.12-Formula-Injection.html"
          },
          {
            "name": "47225",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/47225"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. CSV (aka Formula) injection exists in the export spreadsheets functionality. These spreadsheets are generated dynamically from unvalidated or unfiltered user input in the Name and Internal Notes fields in the Users tab, and the Issue Summary field in the tickets tab. This allows other agents to download data in a .csv file format or .xls file format. This is used as input for spreadsheet applications such as Excel and OpenOffice Calc, resulting in a situation where cells in the spreadsheets can contain input from an untrusted source. As a result, the end user who is accessing the exported spreadsheet can be affected."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-13T13:37:26",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/osTicket/osTicket/releases/tag/v1.12.1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/osTicket/osTicket/releases/tag/v1.10.7"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/osTicket/osTicket/commit/99818486c5b1d8aa445cee232825418d6834f249"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/154004/osTicket-1.12-Formula-Injection.html"
        },
        {
          "name": "47225",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/47225"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-14749",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. CSV (aka Formula) injection exists in the export spreadsheets functionality. These spreadsheets are generated dynamically from unvalidated or unfiltered user input in the Name and Internal Notes fields in the Users tab, and the Issue Summary field in the tickets tab. This allows other agents to download data in a .csv file format or .xls file format. This is used as input for spreadsheet applications such as Excel and OpenOffice Calc, resulting in a situation where cells in the spreadsheets can contain input from an untrusted source. As a result, the end user who is accessing the exported spreadsheet can be affected."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/osTicket/osTicket/releases/tag/v1.12.1",
              "refsource": "MISC",
              "url": "https://github.com/osTicket/osTicket/releases/tag/v1.12.1"
            },
            {
              "name": "https://github.com/osTicket/osTicket/releases/tag/v1.10.7",
              "refsource": "MISC",
              "url": "https://github.com/osTicket/osTicket/releases/tag/v1.10.7"
            },
            {
              "name": "https://github.com/osTicket/osTicket/commit/99818486c5b1d8aa445cee232825418d6834f249",
              "refsource": "MISC",
              "url": "https://github.com/osTicket/osTicket/commit/99818486c5b1d8aa445cee232825418d6834f249"
            },
            {
              "name": "http://packetstormsecurity.com/files/154004/osTicket-1.12-Formula-Injection.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/154004/osTicket-1.12-Formula-Injection.html"
            },
            {
              "name": "47225",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/47225"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-14749",
    "datePublished": "2019-08-07T16:38:45",
    "dateReserved": "2019-08-07T00:00:00",
    "dateUpdated": "2024-08-05T00:26:38.362Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-14749\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-08-07T17:15:12.480\",\"lastModified\":\"2024-11-21T04:27:15.927\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. CSV (aka Formula) injection exists in the export spreadsheets functionality. These spreadsheets are generated dynamically from unvalidated or unfiltered user input in the Name and Internal Notes fields in the Users tab, and the Issue Summary field in the tickets tab. This allows other agents to download data in a .csv file format or .xls file format. This is used as input for spreadsheet applications such as Excel and OpenOffice Calc, resulting in a situation where cells in the spreadsheets can contain input from an untrusted source. As a result, the end user who is accessing the exported spreadsheet can be affected.\"},{\"lang\":\"es\",\"value\":\"Se detect\u00f3 un problema en osTicket versiones anteriores a 1.10.7 y versiones 1.12.x anteriores a 1.12.1. Una inyecci\u00f3n CSV (tambi\u00e9n se conoce como Formula) se presenta en la funcionalidad export spreadsheets. Estas hojas de c\u00e1lculo se generan din\u00e1micamente a partir de la entrada de usuario no comprobada o no filtrada en los campos Name y Internal Notes de la pesta\u00f1a Users y el campo Issue Summary de la pesta\u00f1a Tickets. Esto permite a otros agentes descargar datos en formato de archivo .csv o .xls. Esto es usado como entrada para aplicaciones de hoja de c\u00e1lculo como Excel y OpenOffice Calc, lo que resulta en una situaci\u00f3n en la que las celdas de las hojas de c\u00e1lculo pueden contener entradas de una fuente no confiable. Como resultado, el usuario final que accede a la hoja de c\u00e1lculo exportada puede estar afectado.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1236\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:osticket:osticket:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.10.7\",\"matchCriteriaId\":\"2D6B0B54-FE0E-41EB-953D-6A72FFB7B724\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:osticket:osticket:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.12\",\"versionEndExcluding\":\"1.12.1\",\"matchCriteriaId\":\"4874A3A8-A938-4E25-B01A-5366E34B2A28\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/154004/osTicket-1.12-Formula-Injection.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://github.com/osTicket/osTicket/commit/99818486c5b1d8aa445cee232825418d6834f249\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/osTicket/osTicket/releases/tag/v1.10.7\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/osTicket/osTicket/releases/tag/v1.12.1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/47225\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://packetstormsecurity.com/files/154004/osTicket-1.12-Formula-Injection.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://github.com/osTicket/osTicket/commit/99818486c5b1d8aa445cee232825418d6834f249\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/osTicket/osTicket/releases/tag/v1.10.7\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/osTicket/osTicket/releases/tag/v1.12.1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/47225\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}

