Attacker Value
Very Low
(1 user assessed)
Exploitability
Moderate
(1 user assessed)
User Interaction
None
Privileges Required
None
Attack Vector
Network
0

CVE-2020-10560

Disclosure Date: March 30, 2020
CVE-2020-10560 CVSS v3 Base Score: 5.9
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

An issue was discovered in Open Source Social Network (OSSN) through 5.3. A user-controlled file path with a weak cryptographic rand() can be used to read any file with the permissions of the webserver. This can lead to further compromise. The attacker must conduct a brute-force attack against the SiteKey to insert into a crafted URL for components/OssnComments/ossn_com.php and/or libraries/ossn.lib.upgrade.php.

Add Assessment

3
Ratings
  • Attacker Value
    Very Low
  • Exploitability
    Medium
Easy to weaponizeUnauthenticatedVulnerable in default configurationNo useful access
Technical Analysis

This was my first CVE :)

This is an Unauthenticated Arbitrary File Read vulnerability in all versions of The Open Source Social Network prior to 5.3 This includes the Open source and commercial versions.

Attacker value stays low as there is not a large population using this application ~ 500,000 downloads and the first phase of the attack can take several hours.

Phase 1 You need the Site Key. The site key is cryptographically weak and If you can get any cipher text you can recover the key in less than 14 hours on a standard laptop.
If you are unable to gain access as a standard user you can get crypto material from other locations but the PoC is designed for the user strings.

Once the Site Key has been recovered you can use the python script to read any file (in the context of the application) from disk. This includes database credentials and site configurations that can allow for admin access to the site. From here you can gain a full shell using a PHP plugin upload.

Full details can be found – https://techanarchy.net/pages/blog/cve-2020-10560-ossn-arbitrary-file-read

Log in to Add Reply
CVSS V3 Severity and Metrics
Base Score:
5.9 Medium
Impact Score:
3.6
Exploitability Score:
2.2
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector (AV):
Network
Attack Complexity (AC):
High
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
None
Availability (A):
None

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • opensource-socialnetwork

Products

  • open source social network

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis