CVE-2013-2060
Published 2020-01-28
Priority P263 · critical · CVSS 3.1 score 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 5.54% (91.9th percentile)
The download_from_url function in OpenShift Origin allows remote attackers to execute arbitrary commands via shell metacharacters in the URL of a request to download a cart.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| red_hat | openshift_origin | — | — |
| redhat | openshift | — | — |
Detection & IOCs (extracted from sources)
Command (the vulnerable invocation, with the URL interpolated into a shell string):
`curl --max-time #{max_dl_time} --connect-timeout 2 --location --max-redirs #{max_redirs} --max-filesize #{max_file_size} -k #{url}`
- Monitor for shell metacharacter injection (e.g., semicolons, backticks, pipes) appearing in URL parameters passed to the OpenShift cart download endpoint, which feeds unsanitized input directly into a Ruby backtick shell execution of curl.
- Alert on curl invocations spawned by the OpenShift Origin controller process (rubygem-openshift-origin-controller) that contain shell metacharacters or unexpected command sequences in the URL argument.
- Flag any cart download requests where the URL uses the 'file' protocol or resolves to localhost/internal network addresses, as these indicate exploitation of the SSRF/local injection attack surface described in the vulnerability.
- Inspect HTTP requests targeting the OpenShift cart download URL endpoint for shell metacharacters (`;`, `|`, `` ` ``, `$()`, `&&`, `||`) embedded within the URL parameter value.
- The vulnerable code path is gated by configurable parameters (max_download_time, max_cart_size, max_download_redirects) in Rails.application.config.downloaded_cartridges; these values do not mitigate the injection but may affect the observable behavior of exploit attempts (e.g., time-based detection thresholds).
- The affected package is rubygem-openshift-origin-controller on OpenShift Enterprise 1; detections should be scoped to environments running this specific package version.
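The two defensive halves of the guidance above, as an added Ruby example that is not OpenShift's code: the same curl flags quoted in the command line, rebuilt as an argv array so no shell ever parses the URL, gated by a validator that rejects shell metacharacters, non-http(s) schemes such as `file://`, and loopback/private hosts; and a detection pass that runs that validator over request-log lines. The log format, the `/cart-download` path, the sample requests and every function name (`suspicious_cart_url?`, `curl_argv`, `download_cart`, `extract_cart_url`, `flag_requests`) are constructed for this example and are not OpenShift's.

```ruby
require 'uri'
require 'ipaddr'
require 'open3'

# Shell metacharacters the detection guidance above calls out: ';', '|' (so also '||'),
# backtick, newline, '$(' and '&&'. A lone '&' is deliberately not matched because it is
# legitimate in query strings and would make the rule noisy.
SHELL_METACHARS = /[;|`\n]|\$\(|&&/

# True when a cart URL should be rejected (or alerted on): shell metacharacters,
# a scheme other than http/https (e.g. file://), or a loopback/private/link-local host.
def suspicious_cart_url?(url)
  return true if url.match?(SHELL_METACHARS)

  uri = begin
    URI.parse(url)
  rescue URI::InvalidURIError
    return true
  end
  return true unless %w[http https].include?(uri.scheme)

  host = uri.hostname.to_s.downcase # hostname strips the [] around IPv6 literals
  return true if host.empty? || host == 'localhost' || host.end_with?('.localhost')

  ip = begin
    IPAddr.new(host)
  rescue IPAddr::InvalidAddressError
    nil # a DNS name, not an IP literal
  end
  return true if ip && (ip.loopback? || ip.private? || ip.link_local?)

  false
end

# Hardened form of the interpolated backtick command: identical flags, but passed as an
# argv array, so the URL reaches curl as one argument and is never shell-parsed.
# (-k is kept only to mirror the original invocation; disabling TLS verification is a
# separate weakness and should not be carried into real code.)
def curl_argv(url, max_dl_time:, max_redirs:, max_file_size:)
  ['curl', '--max-time', max_dl_time.to_s, '--connect-timeout', '2', '--location',
   '--max-redirs', max_redirs.to_s, '--max-filesize', max_file_size.to_s, '-k', url]
end

# Hypothetical replacement for download_from_url: validate first, then exec without a shell.
# The default limits are constructed placeholders, not OpenShift's configured values.
def download_cart(url, max_dl_time: 10, max_redirs: 2, max_file_size: 20_000_000)
  raise ArgumentError, "rejected cart url: #{url.inspect}" if suspicious_cart_url?(url)

  out, status = Open3.capture2e(*curl_argv(url, max_dl_time: max_dl_time,
                                           max_redirs: max_redirs,
                                           max_file_size: max_file_size))
  raise "curl failed (exit #{status.exitstatus})" unless status.success?
  out
end

# ---- detection over request logs (constructed format, not OpenShift's own) ----

# Constructed lines: "<client_ip> <method> <path?query>"; /cart-download is a placeholder path.
SAMPLE_REQUESTS = [
  '10.0.0.5 GET /cart-download?url=https%3A%2F%2Fcarts.example.com%2Fphp.tgz',
  '10.0.0.6 GET /cart-download?url=http%3A%2F%2Fexample.com%2Fcart.tgz%3Bfoo',
  '10.0.0.7 GET /cart-download?url=file%3A%2F%2F%2Ftmp%2Fcart.tgz',
  '10.0.0.8 GET /cart-download?url=http%3A%2F%2F127.0.0.1%2Fcart.tgz'
].freeze

# Percent-decoded value of the url query parameter from one log line, or nil if absent.
def extract_cart_url(log_line)
  path = log_line.split[2]
  query = path.to_s.split('?', 2)[1]
  return nil unless query
  URI.decode_www_form(query).to_h['url']
end

# The log lines whose url parameter trips suspicious_cart_url?.
def flag_requests(lines)
  lines.select do |line|
    url = extract_cart_url(line)
    url && suspicious_cart_url?(url)
  end
end

if __FILE__ == $PROGRAM_NAME
  flag_requests(SAMPLE_REQUESTS).each { |line| puts "ALERT #{line}" }
end
```

Run on the constructed sample, three of the four lines are flagged (the `;` in the path, the `file` scheme, and the loopback host); the https request to a public hostname passes. The same predicate serves both as the input check in front of the exec and as the log-side rule, so the two stay in agreement about what counts as suspicious.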
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| NVD | 2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| Red Hat (vendor) | — | 9.8 | CRITICAL | — |
Red Hat
OpenShift: Potential remote command execution vulnerability in download cart url
vendor_redhat · 2013-05-06 · CVSS 9.8
CVE-2013-2060 [CRITICAL] CWE-78
The download_from_url function in OpenShift Origin allows remote attackers to execute arbitrary commands via shell metacharacters in the URL of a request to download a cart.
Package: rubygem-openshift-origin-controller (OpenShift Enterprise 1) - Affected
GHSA
GHSA-j52h-5vxc-vjgw
ghsa_unreviewed · 2022-05-05 · CVE-2013-2060 [HIGH]
The download_from_url function in OpenShift Origin allows remote attackers to execute arbitrary commands via shell metacharacters in the URL of a request to download a cart.
No detection rules found.
No public exploits indexed.
References
- http://www.openwall.com/lists/oss-security/2013/05/07/1
- http://www.securityfocus.com/bid/59687
- https://bugzilla.redhat.com/show_bug.cgi?id=960363
- https://exchange.xforce.ibmcloud.com/vulnerabilities/84075