CVE-2023-4588 (GCVE-0-2023-4588)

Vulnerability from cvelistv5 – Published: 2023-09-06 11:43 – Updated: 2024-09-06 14:12
VLAI?
Title
File accessibility vulnerability in Delinea Secret Server
Summary
File accessibility vulnerability in Delinea Secret Server, in its v10.9.000002 and v11.4.000002 versions. Exploitation of this vulnerability could allow an authenticated user with administrative privileges to create a backup file in the application's webroot directory, changing the default backup directory to the wwwroot folder, and download it with some configuration files such as encryption.config/ and database.config stored in the wwwroot directory, exposing the database credentials in plain text.
Severity ?
6.8 (Medium)
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
CWE
  • CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
Impacted products
Vendor Product Version
Delinea Secret Server Affected: v10.9.000002
Affected: v11.4.000002
Create a notification for this product.
Credits
Héctor de Armas Padrón (@3v4SI0N)
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:31:06.616Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-delinea-secret-server"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-4588",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-06T14:07:06.809136Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-06T14:12:59.302Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Secret Server",
          "vendor": "Delinea",
          "versions": [
            {
              "status": "affected",
              "version": "v10.9.000002"
            },
            {
              "status": "affected",
              "version": "v11.4.000002"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "H\u00e9ctor de Armas Padr\u00f3n (@3v4SI0N)"
        }
      ],
      "datePublic": "2023-09-06T10:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "File accessibility vulnerability in Delinea Secret Server, in its v10.9.000002 and v11.4.000002 versions. Exploitation of this vulnerability could allow an authenticated user with administrative privileges to create a backup file in the application\u0027s webroot directory, changing the default backup directory to the wwwroot folder, and download it with some configuration files such as encryption.config/ and database.config stored in the wwwroot directory, exposing the database credentials in plain text."
            }
          ],
          "value": "File accessibility vulnerability in Delinea Secret Server, in its v10.9.000002 and v11.4.000002 versions. Exploitation of this vulnerability could allow an authenticated user with administrative privileges to create a backup file in the application\u0027s webroot directory, changing the default backup directory to the wwwroot folder, and download it with some configuration files such as encryption.config/ and database.config stored in the wwwroot directory, exposing the database credentials in plain text."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-150",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-150 Collect Data from Common Resource Locations"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-552",
              "description": "CWE-552 Files or Directories Accessible to External Parties",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-06T11:43:19.278Z",
        "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "shortName": "INCIBE"
      },
      "references": [
        {
          "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-delinea-secret-server"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "File accessibility vulnerability in Delinea Secret Server",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
    "assignerShortName": "INCIBE",
    "cveId": "CVE-2023-4588",
    "datePublished": "2023-09-06T11:43:19.278Z",
    "dateReserved": "2023-08-29T07:44:07.813Z",
    "dateUpdated": "2024-09-06T14:12:59.302Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:delinea:secret_server:10.9.000002:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0549C65A-06F9-41D4-BF9C-D303A8BC578C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:delinea:secret_server:11.4.000002:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"26B9E59F-98C5-4AAE-B0BD-418B8D7EC723\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"File accessibility vulnerability in Delinea Secret Server, in its v10.9.000002 and v11.4.000002 versions. Exploitation of this vulnerability could allow an authenticated user with administrative privileges to create a backup file in the application\u0027s webroot directory, changing the default backup directory to the wwwroot folder, and download it with some configuration files such as encryption.config/ and database.config stored in the wwwroot directory, exposing the database credentials in plain text.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de accesibilidad a archivos en Delinea Secret Server, en sus versiones v10.9.000002 y v11.4.000002. La explotaci\\u00f3n de esta vulnerabilidad podr\\u00eda permitir a un usuario autenticado con privilegios administrativos crear un archivo de copia de seguridad en el directorio ra\\u00edz web de la aplicaci\\u00f3n, cambiando el directorio de copia de seguridad predeterminado a la carpeta wwwroot y descargarlo con algunos archivos de configuraci\\u00f3n como encryption.config/ y database.config almacenado en el directorio wwwroot, exponiendo las credenciales de la base de datos en texto plano.\\n\"}]",
      "id": "CVE-2023-4588",
      "lastModified": "2024-11-21T08:35:29.647",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"cve-coordination@incibe.es\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N\", \"baseScore\": 6.8, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.3, \"impactScore\": 4.0}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 4.9, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.2, \"impactScore\": 3.6}]}",
      "published": "2023-09-06T12:15:07.827",
      "references": "[{\"url\": \"https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-delinea-secret-server\", \"source\": \"cve-coordination@incibe.es\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-delinea-secret-server\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "cve-coordination@incibe.es",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"cve-coordination@incibe.es\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-552\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-552\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-4588\",\"sourceIdentifier\":\"cve-coordination@incibe.es\",\"published\":\"2023-09-06T12:15:07.827\",\"lastModified\":\"2024-11-21T08:35:29.647\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"File accessibility vulnerability in Delinea Secret Server, in its v10.9.000002 and v11.4.000002 versions. Exploitation of this vulnerability could allow an authenticated user with administrative privileges to create a backup file in the application\u0027s webroot directory, changing the default backup directory to the wwwroot folder, and download it with some configuration files such as encryption.config/ and database.config stored in the wwwroot directory, exposing the database credentials in plain text.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de accesibilidad a archivos en Delinea Secret Server, en sus versiones v10.9.000002 y v11.4.000002. La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un usuario autenticado con privilegios administrativos crear un archivo de copia de seguridad en el directorio ra\u00edz web de la aplicaci\u00f3n, cambiando el directorio de copia de seguridad predeterminado a la carpeta wwwroot y descargarlo con algunos archivos de configuraci\u00f3n como encryption.config/ y database.config almacenado en el directorio wwwroot, exponiendo las credenciales de la base de datos en texto plano.\\n\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cve-coordination@incibe.es\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N\",\"baseScore\":6.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.3,\"impactScore\":4.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":4.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.2,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"cve-coordination@incibe.es\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-552\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-552\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:delinea:secret_server:10.9.000002:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0549C65A-06F9-41D4-BF9C-D303A8BC578C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:delinea:secret_server:11.4.000002:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"26B9E59F-98C5-4AAE-B0BD-418B8D7EC723\"}]}]}],\"references\":[{\"url\":\"https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-delinea-secret-server\",\"source\":\"cve-coordination@incibe.es\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-delinea-secret-server\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-delinea-secret-server\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T07:31:06.616Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-4588\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-06T14:07:06.809136Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-06T14:12:52.306Z\"}}], \"cna\": {\"title\": \"File accessibility vulnerability in Delinea Secret Server\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"H\\u00e9ctor de Armas Padr\\u00f3n (@3v4SI0N)\"}], \"impacts\": [{\"capecId\": \"CAPEC-150\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-150 Collect Data from Common Resource Locations\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 6.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Delinea\", \"product\": \"Secret Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"v10.9.000002\"}, {\"status\": \"affected\", \"version\": \"v11.4.000002\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2023-09-06T10:00:00.000Z\", \"references\": [{\"url\": \"https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-delinea-secret-server\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"File accessibility vulnerability in Delinea Secret Server, in its v10.9.000002 and v11.4.000002 versions. Exploitation of this vulnerability could allow an authenticated user with administrative privileges to create a backup file in the application\u0027s webroot directory, changing the default backup directory to the wwwroot folder, and download it with some configuration files such as encryption.config/ and database.config stored in the wwwroot directory, exposing the database credentials in plain text.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"File accessibility vulnerability in Delinea Secret Server, in its v10.9.000002 and v11.4.000002 versions. Exploitation of this vulnerability could allow an authenticated user with administrative privileges to create a backup file in the application\u0027s webroot directory, changing the default backup directory to the wwwroot folder, and download it with some configuration files such as encryption.config/ and database.config stored in the wwwroot directory, exposing the database credentials in plain text.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-552\", \"description\": \"CWE-552 Files or Directories Accessible to External Parties\"}]}], \"providerMetadata\": {\"orgId\": \"0cbda920-cd7f-484a-8e76-bf7f4b7f4516\", \"shortName\": \"INCIBE\", \"dateUpdated\": \"2023-09-06T11:43:19.278Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-4588\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-09-06T14:12:59.302Z\", \"dateReserved\": \"2023-08-29T07:44:07.813Z\", \"assignerOrgId\": \"0cbda920-cd7f-484a-8e76-bf7f4b7f4516\", \"datePublished\": \"2023-09-06T11:43:19.278Z\", \"assignerShortName\": \"INCIBE\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.