Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
None
Privileges Required
None
Attack Vector
Network
0

CVE-2020-14001

Disclosure Date: July 17, 2020
CVE-2020-14001 CVSS v3 Base Score: 9.8
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access (such as template=“/etc/passwd”) or unintended embedded Ruby code execution (such as a string that begins with template=“string://<%= `). NOTE: kramdown is used in Jekyll, GitLab Pages, GitHub Pages, and Thredded Forum.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
9.8 Critical
Impact Score:
5.9
Exploitability Score:
3.9
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • canonical,
  • debian,
  • fedoraproject,
  • kramdown project

Products

  • debian linux 10.0,
  • debian linux 9.0,
  • fedora 31,
  • fedora 32,
  • kramdown,
  • ubuntu linux 20.04

References

Canonical
CVE-2020-14001 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14001)
Advisory
https://kramdown.gettalong.org/news.html
https://github.com/gettalong/kramdown/commit/1b8fd33c3120bfc6e5164b449e2c2fc9c9306fde
https://github.com/gettalong/kramdown/compare/REL_2_2_1...REL_2_3_0
https://security.netapp.com/advisory/ntap-20200731-0004
[fluo-notifications] 20200808 [GitHub] [fluo-website] ctubbsii opened a new pull request #194: Update gems (https://lists.apache.org/thread.html/r96df7899fbb456fe2705882f710a0c8e8614b573fbffd8d12e3f54d2@%3Cnotifications.fluo.apache.org%3E)
[debian-lts-announce] 20200809 [SECURITY] [DLA 2316-1] ruby-kramdown security update (https://lists.debian.org/debian-lts-announce/2020/08/msg00014.html)
DSA-4743 (https://www.debian.org/security/2020/dsa-4743)
FEDORA-2020-f6eee9a2d3 (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KBLTGBYU7NKOUOHDKVCU4GFZMGA6BP4L)
FEDORA-2020-5c70d97eca (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ENMMGKHRQIZ3QKGOMBBBGB6B4LB5I7NQ)
https://security.netapp.com/advisory/ntap-20200731-0004/
FEDORA-2020-f6eee9a2d3 (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KBLTGBYU7NKOUOHDKVCU4GFZMGA6BP4L/)
FEDORA-2020-5c70d97eca (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ENMMGKHRQIZ3QKGOMBBBGB6B4LB5I7NQ/)
USN-4562-1 (https://usn.ubuntu.com/4562-1/)
Miscellaneous
https://github.com/gettalong/kramdown
https://kramdown.gettalong.org
https://rubygems.org/gems/kramdown

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis