CVE-2018-1196

CWE-596 documents6 sources
Severity
5.9MEDIUM
EPSS
0.6%
top 30.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Vmware Spring BootDell EMC Spring Boot
Timeline
PublishedMar 19
Latest updateOct 18

Description

Spring Boot supports an embedded launch script that can be used to easily run the application as a systemd or init.d linux service. The script included with Spring Boot 1.5.9 and earlier and 2.0.0.M1 through 2.0.0.M7 is susceptible to a symlink attack which allows the "run_user" to overwrite and take ownership of any file on the same system. In order to instigate the attack, the application must be installed as a service and the "run_user" requires shell access to the server. Spring Boot applica

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages3 packages

Mavenorg.springframework.boot:spring-boot1.5.01.5.10
NVDvmware/spring_boot1.5.9+1
CVEListV5dell_emc/spring_boot1.5.0 - 1.5.9, 2.0.0.M1 - 2.0.0.M7+1

🔴Vulnerability Details

3
GHSA
Moderate severity vulnerability that affects org.springframework.boot:spring-boot2018-10-18
OSV
Moderate severity vulnerability that affects org.springframework.boot:spring-boot2018-10-18
CVEList
CVE-2018-1196: Spring Boot supports an embedded launch script that can be used to easily run the application as a systemd or init2018-03-19

📋Vendor Advisories

1
Red Hat
Boot: Symlink privilege escalation attack via launch script2018-01-30

💬Community

1
Bugzilla
CVE-2018-1196 Spring Boot: Symlink privilege escalation attack via launch script2018-02-05
CVE-2018-1196 (MEDIUM CVSS 5.9) | Spring Boot supports an embedded la | cvebase.io