Incorrect default permissions in gotenberg

#VU49286 Incorrect default permissions in gotenberg

Published: 2021-01-06

Vulnerability identifier: #VU49286

Vulnerability risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-13452

CWE-ID: CWE-276

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
gotenberg
Web applications / Other software

Vendor: thecodingmachine

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to incorrect default permissions for the "/tini" file, which is writable by default by the gotenberg user. A remote attacker can overwrite the file using vulnerability #VU49284 and perform a denial of service attack or execute arbitrary code on the system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

gotenberg: 3.0.0 - 6.2.1

External links
http://seclists.org/fulldisclosure/2021/Jan/0
http://medium.com/bugbountywriteup/0-day-bug-breaks-multi-million-dollar-system-38c9e31b27e9

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Gotenberg