CVE-2019-17050
Published 2019-09-30 · CVE-2019-17050: An issue was discovered in the Voyager package through 1.2.7 for Laravel. An attacker with admin privileges and Compass access can read or delete arbitrary…
Priority P2 · 75 · high · 7.2 (CVSS 3.1)
Vector: AV:N / AC:L / PR:H / UI:N / S:U / C:H / I:H / A:H
ITW: VulnCheck KEV · Exploited in the wild
EPSS: 1.25% (65.7th percentile)
An issue was discovered in the Voyager package through 1.2.7 for Laravel. An attacker with admin privileges and Compass access can read or delete arbitrary files, such as the .env file. NOTE: a software maintainer has suggested a solution in which Compass is switched off in a production environment.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| thecontrolgroup | voyager | <= 1.2.7 | — |
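A triage helper for the range in the table above, added here as an example and not code from the advisory or from the Voyager project: it reports whether a `composer.lock` pins Voyager to the affected range (through 1.2.7; the table lists no fixed release). The lock-file excerpt is constructed for the example; `tcg/voyager` is the package's Packagist name.

```python
"""Added triage helper (not advisory or Voyager project code): flag
tcg/voyager entries in a composer.lock whose version is <= 1.2.7.
The lock-file excerpt below is constructed for the example."""
import json
import re

AFFECTED_PACKAGE = "tcg/voyager"
LAST_AFFECTED = (1, 2, 7)  # "through 1.2.7" per the advisory text
_VERSION_RE = re.compile(r"^v?(\d+)(?:\.(\d+))?(?:\.(\d+))?")


def parse_version(version):
    """Turn 'v1.2.7', '1.2.7' or '1.3.0-rc1' into a comparable tuple.
    Pre-release and build suffixes are ignored, so '1.2.8-beta' ranks above
    1.2.7 and is reported as not affected. Returns None for branch aliases
    such as 'dev-master', which cannot be placed in the range."""
    m = _VERSION_RE.match(version)
    if not m:
        return None
    return tuple(int(part or 0) for part in m.groups())


def is_affected(version):
    """True/False for a numeric version; None when the version is a branch
    alias and has to be checked by hand."""
    parsed = parse_version(version)
    if parsed is None:
        return None
    return parsed <= LAST_AFFECTED


def check_composer_lock(lock_text):
    """Return [(name, version, affected)] for every tcg/voyager entry in the
    'packages' and 'packages-dev' sections of a composer.lock document."""
    lock = json.loads(lock_text)
    findings = []
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section, []):
            if pkg.get("name") == AFFECTED_PACKAGE:
                ver = pkg.get("version", "")
                findings.append((AFFECTED_PACKAGE, ver, is_affected(ver)))
    return findings


# Constructed composer.lock excerpt (only the fields this check reads).
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "laravel/framework", "version": "v5.8.38"},
        {"name": "tcg/voyager", "version": "v1.2.7"},
    ],
    "packages-dev": [],
})

if __name__ == "__main__":
    labels = {True: "AFFECTED", False: "not affected", None: "unknown, review manually"}
    for name, ver, affected in check_composer_lock(SAMPLE_LOCK):
        print(f"{name} {ver}: {labels[affected]}")
```

Because no fixed release is listed, a hit on any numeric version at or below 1.2.7 is a finding; a branch alias such as `dev-master` is reported as unknown rather than silently passed.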
Detection & IOCs (extracted from sources)
- Monitor for ENV Crawler activity (reclassified as malicious by GreyNoise) targeting .env file paths, particularly in Laravel/Voyager deployments.
- GreyNoise reclassified over 11,000 IPs as malicious under the 'ENV Crawler' tag; use this tag to block opportunistic .env file harvesters that may exploit CVE-2019-17050.
- The vulnerability is only exploitable by an authenticated attacker with admin privileges and Compass access; unauthenticated exploitation is not indicated.
- The software maintainer recommends disabling Compass in production environments as a mitigation, which would eliminate the attack surface for this CVE.
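The two request patterns the items above describe, as an added detection example that is not from the advisory, GreyNoise or the Voyager project: it scans web-server access-log lines for opportunistic `.env` harvesting (the behaviour GreyNoise's 'ENV Crawler' tag covers) and for requests to the Voyager Compass route. The log lines are constructed. `COMPASS_PATH` assumes Voyager's default `admin` prefix with Compass mounted at `/admin/compass`; adjust it to your deployment's prefix.

```python
"""Added detection example (not advisory, GreyNoise or Voyager project code):
scan combined-format access logs for .env probes and Compass requests.
Sample log lines are constructed; COMPASS_PATH is an assumption."""
import re
from collections import defaultdict

COMPASS_PATH = "/admin/compass"  # assumption: default Voyager admin prefix
ENV_PROBE_THRESHOLD = 2          # distinct .env paths from one IP before it is called a crawler

# Apache/nginx "combined" log format
_LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
# matches /.env, /laravel/.env, /.env.bak, /.env.production; not /.environment
_ENV_RE = re.compile(r"(^|/)\.env(\.|$)")


def _strip_query(path):
    return path.split("?", 1)[0]


def is_env_probe(path):
    """True when the request path targets a .env file or a common variant."""
    return _ENV_RE.search(_strip_query(path)) is not None


def is_compass_request(path):
    """True when the request hits the Compass route or anything beneath it."""
    p = _strip_query(path)
    return p == COMPASS_PATH or p.startswith(COMPASS_PATH + "/")


def scan_access_log(lines):
    """Return per-IP .env probe lists (only IPs at or over the threshold),
    every Compass request, and the count of lines that did not parse."""
    env_paths = defaultdict(set)
    compass = []
    unparsed = 0
    for line in lines:
        m = _LOG_RE.match(line)
        if not m:
            unparsed += 1
            continue
        ip, method, path, status = m["ip"], m["method"], m["path"], int(m["status"])
        if is_env_probe(path):
            env_paths[ip].add(_strip_query(path))
        if is_compass_request(path):
            # PR:H in the CVSS vector: a 200 here is an admin session using
            # Compass. The log cannot separate misuse from routine use; the
            # finding is that Compass is reachable in production at all.
            compass.append({"ip": ip, "method": method, "path": path, "status": status})
    crawlers = {ip: sorted(paths) for ip, paths in env_paths.items()
                if len(paths) >= ENV_PROBE_THRESHOLD}
    return {"env_crawlers": crawlers, "compass_requests": compass, "unparsed": unparsed}


# Constructed sample log (RFC 5737 documentation addresses).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /.env HTTP/1.1" 404 162 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /laravel/.env HTTP/1.1" 404 162 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:38 +0000] "GET /.env.bak?x=1 HTTP/1.1" 404 162 "-" "Mozilla/5.0"
198.51.100.22 - - [10/Oct/2023:14:02:11 +0000] "GET /admin/compass HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.22 - - [10/Oct/2023:14:02:30 +0000] "POST /admin/compass HTTP/1.1" 200 900 "https://app.example/admin/compass" "Mozilla/5.0"
192.0.2.9 - - [10/Oct/2023:14:05:00 +0000] "GET /index.php HTTP/1.1" 200 2048 "-" "curl/7.88"
garbage line that should be counted, not crash the scan
"""

if __name__ == "__main__":
    result = scan_access_log(SAMPLE_LOG.splitlines())
    for ip, paths in result["env_crawlers"].items():
        print(f"ENV crawler candidate {ip}: {paths}")
    for r in result["compass_requests"]:
        print(f"Compass request from {r['ip']}: {r['method']} {r['path']} -> {r['status']}")
    print(f"unparsed lines: {result['unparsed']}")
```

The `.env` probes are the unauthenticated noise the GreyNoise tag describes and are worth blocking at the edge; they do not by themselves exploit this CVE, which needs an admin session. Any Compass request answered with 200 on a production host is the actionable signal, since the maintainer's mitigation is to have Compass switched off there.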
CVSS provenance
- NVD v3.1: 7.2 HIGH (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
- NVD v2.0: 6.5 MEDIUM (AV:N/AC:L/Au:S/C:P/I:P/A:P)
- VulnCheck: 7.2 HIGH
GHSA
GHSA-9v7c-rj74-pc33 · unreviewed · 2022-05-24 · CVE-2019-17050 [HIGH] · CWE-639
Description identical to the NVD text above.
VulnCheck
CVE-2019-17050 [HIGH] · vulncheck · 2019 · CVSS 7.2
thecontrolgroup voyager: Authorization Bypass Through User-Controlled Key (CWE-639). Description identical to the NVD text above.
Affected: thecontrolgroup voyager
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.netscout.com/blog/asert/botnets-and-familiar-foes-drive-ddos-attack-activity; https://app.crowdsec.net/cti/cve-explorer/CVE-2019-17050; https://www.netscout.com/blog/asert/botnet-pulse
No detection rules found.
No public exploits indexed.
Timeline: 2019-09-30 published · exploited in the wild