CVE-2013-2060
published 2020-01-28


Priority: P263 · critical · 9.8 (CVSS 3.1, AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS: 5.54% (91.9th percentile)
The download_from_url function in OpenShift Origin allows remote attackers to execute arbitrary commands via shell metacharacters in the URL of a request to download a cart.

Affected (2 ranges)

Vendor   | Product          | Version range | Fixed in
red_hat  | openshift_origin |               |
redhat   | openshift        |               |

Detection & IOCs (extracted from sources)

command: curl --max-time #{max_dl_time} --connect-timeout 2 --location --max-redirs #{max_redirs} --max-filesize #{max_file_size} -k #{url}
  • Monitor for shell metacharacter injection (e.g., semicolons, backticks, pipes) appearing in URL parameters passed to the OpenShift cart download endpoint, which feeds unsanitized input directly into a Ruby backtick shell execution of curl.
  • Alert on curl invocations spawned by the OpenShift Origin controller process (rubygem-openshift-origin-controller) that contain shell metacharacters or unexpected command sequences in the URL argument.
  • Flag any cart download requests where the URL uses the 'file' scheme or resolves to localhost or an internal network address; these indicate use of the SSRF/local-injection attack surface described in the vulnerability.
  • Inspect HTTP requests targeting the OpenShift cart download endpoint for shell metacharacters (`;`, `|`, `` ` ``, `$()`, `&&`, `||`) embedded in the URL parameter value.
  • The vulnerable code path is gated by configurable parameters (max_download_time, max_cart_size, max_download_redirects) in Rails.application.config.downloaded_cartridges; these values do not mitigate the injection, but they may affect the observable behavior of exploit attempts (e.g., time-based detection thresholds).
  • The affected package is rubygem-openshift-origin-controller on OpenShift Enterprise 1; detections should be scoped to environments running this specific package version.

CVSS provenance

Source         | Version | Score | Severity | Vector
nvd            | v3.1    | 9.8   | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd            | v2.0    | 10.0  | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C
vendor_redhat  |         | 9.8   | CRITICAL |