CVE-2024-35219
Published: 2024-05-27
Priority: P1 · 78 · high · 8.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
Tags: ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 3.59% (88.0th percentile)
OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Prior to version 7.6.0, attackers can exploit a path traversal vulnerability to read and delete files and folders from an arbitrary, writable directory as anyone can set the output folder when submitting the request via the `outputFolder` option. The issue was fixed in version 7.6.0 by removing the usage of the `outputFolder` option. No known workarounds are available.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| openapitools | openapi-generator | < 7.6.0 | 7.6.0 |
Detection & IOCs (extracted from sources)
url: https://raw.githubusercontent.com/OpenAPITools/openapi-generator/master/modules/openapi-generator/src/test/resources/2_0/petstore.yaml
- Detect path traversal exploitation attempts via the `outputFolder` option in POST requests to /api/gen/clients/* endpoints. Look for sequences of `../` in the JSON body's `outputFolder` field.
- Monitor subsequent GET requests to /api/gen/download/<code> after a suspicious POST to /api/gen/clients/*; this two-step flow is the exploitation pattern for arbitrary file read.
- A successful exploit response to /api/gen/download/<code> will contain filesystem paths/filenames from the traversed directory (e.g., `pixmaps/debian-logo.png`), indicating arbitrary file read.
- The vulnerability was fixed in version 7.6.0 by completely removing support for the `outputFolder` option. Affected versions are 7.5.0 and below.
- No workarounds are available for affected versions; upgrade is the only remediation.
- Red Hat assessed openapi-generator-online in OpenShift Serverless, Red Hat Fuse 7, and streams for Apache Kafka as Not Affected.
- Exploitation requires the ability to submit requests to the generator service; environments with strict access controls reduce feasibility.
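The two detection hints above (a `../` sequence in the `outputFolder` field of a POST to /api/gen/clients/*, followed by a GET to /api/gen/download/<code> from the same client) can be turned into a small log-correlation check. The following is an added example, not code from the page or from the OpenAPI Generator project. It assumes a JSON-lines request log with `ts`, `src`, `method`, `path` and, for POSTs, a captured `body` field (the field names and the sample records are constructed for this example). Because the exact position of `outputFolder` in the request JSON is not specified here, the check walks the whole body rather than assuming a particular nesting; it also percent-decodes the value once before matching, which goes slightly beyond the literal `../` hint in the text.

```python
import json
import re
from urllib.parse import unquote

# Constructed sample log (one JSON record per line, in time order); not real traffic.
SAMPLE_LOG = r"""
{"ts": "2024-06-01T10:00:01Z", "src": "203.0.113.5", "method": "POST", "path": "/api/gen/clients/python", "body": "{\"openAPIUrl\": \"https://example.invalid/spec.yaml\"}"}
{"ts": "2024-06-01T10:00:02Z", "src": "203.0.113.5", "method": "GET", "path": "/api/gen/download/aaaa1111"}
{"ts": "2024-06-01T10:05:00Z", "src": "198.51.100.7", "method": "POST", "path": "/api/gen/clients/java", "body": "{\"openAPIUrl\": \"https://example.invalid/spec.yaml\", \"options\": {\"outputFolder\": \"../../some/other/dir\"}}"}
{"ts": "2024-06-01T10:05:03Z", "src": "198.51.100.7", "method": "GET", "path": "/api/gen/download/bbbb2222"}
{"ts": "2024-06-01T10:07:00Z", "src": "198.51.100.9", "method": "POST", "path": "/api/gen/clients/go", "body": "{\"outputFolder\": \"%2e%2e/%2e%2e/tmp\"}"}
"""

# A ".." path component delimited by slashes (or at either end of the string).
TRAVERSAL = re.compile(r"(^|[\\/])\.\.([\\/]|$)")
CLIENTS = re.compile(r"^/api/gen/clients/[^/]+$")
DOWNLOAD = re.compile(r"^/api/gen/download/([A-Za-z0-9-]+)$")


def find_output_folders(obj):
    """Yield every string stored under an 'outputFolder' key, at any depth of the body."""
    if isinstance(obj, dict):
        for key, value in obj.items():
            if key == "outputFolder" and isinstance(value, str):
                yield value
            else:
                yield from find_output_folders(value)
    elif isinstance(obj, list):
        for item in obj:
            yield from find_output_folders(item)


def has_traversal(folder):
    """True if the (percent-decoded) folder value contains a '..' path component."""
    return bool(TRAVERSAL.search(unquote(folder)))


def analyse(log_text):
    """Return alerts for suspicious generator POSTs and the downloads that follow them.

    Records must be in time order; correlation is per source address, so a GET to
    the download endpoint is only flagged after that source sent a suspicious POST.
    """
    alerts = []
    pending = {}  # src -> ts of the most recent suspicious POST not yet followed by a download
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        method, path, src = rec.get("method"), rec.get("path", ""), rec.get("src")
        if method == "POST" and CLIENTS.match(path):
            try:
                body = json.loads(rec.get("body") or "{}")
            except json.JSONDecodeError:
                body = {}
            bad = [f for f in find_output_folders(body) if has_traversal(f)]
            if bad:
                alerts.append({"type": "traversal_in_outputFolder", "src": src,
                               "ts": rec["ts"], "path": path, "outputFolder": bad[0]})
                pending[src] = rec["ts"]
        elif method == "GET":
            match = DOWNLOAD.match(path)
            if match and src in pending:
                alerts.append({"type": "download_after_suspicious_post", "src": src,
                               "ts": rec["ts"], "code": match.group(1),
                               "post_ts": pending.pop(src)})
    return alerts


if __name__ == "__main__":
    for alert in analyse(SAMPLE_LOG):
        print(json.dumps(alert))
```

On the constructed log this yields three alerts: the traversal attempt from 198.51.100.7, its follow-up download (code `bbbb2222`), and the percent-encoded attempt from 198.51.100.9; the first client's ordinary request pair produces nothing. In a real deployment the request body has to be logged (or the check placed in a WAF or reverse proxy that sees it), and since the fix removed `outputFolder` entirely, any request that still carries that option after upgrading to 7.6.0 is itself worth alerting on.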
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 8.3 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H |
| vulncheck | | 8.3 | HIGH | |
| vendor_redhat | | 8.3 | HIGH | |
GHSA
OpenAPI Generator Online - Arbitrary File Read/Delete
ghsa · 2024-05-28 · CVE-2024-35219 · HIGH · CWE-22
### Impact
Attackers can exploit the vulnerability to read and delete files and folders from an arbitrary, writable directory as anyone can set the output folder when submitting the request via the `outputFolder` option.
### Patches
The issue was fixed via https://github.com/OpenAPITools/openapi-generator/pull/18652 (included in v7.6.0 release) by removing the usage of the `outputFolder` option.
### Workarounds
No workaround available.
### References
No other reference available.
OSV
OpenAPI Generator Online - Arbitrary File Read/Delete
osv · 2024-05-28 · CVE-2024-35219 · HIGH
The OSV entry carries the same Impact, Patches, Workarounds and References text as the GHSA advisory.
VulnCheck
OpenAPI Generator outputFolder Vulnerability
vulncheck · 2024 · CVSS 8.3 · CVE-2024-35219 · HIGH
OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Prior to version 7.6.0, attackers can exploit a path traversal vulnerability to read and delete files and folders from an arbitrary, writable directory as anyone can set the output folder when submitting the request via the `outputFolder` option. The issue was fixed in version 7.6.0 by removing the usage of the `outputFolder` option. No known workarounds are available.
Affected: OpenAPITools OpenAPI Generator
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation Referenc
Red Hat
openapi-generator-online: Path traversal via outputFolder option
vendor_redhat · 2024-05-27 · CVSS 8.3 · CVE-2024-35219 · HIGH · CWE-22
OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Prior to version 7.6.0, attackers can exploit a path traversal vulnerability to read and delete files and folders from an arbitrary, writable directory as anyone can set the output folder when submitting the request via the `outputFolder` option. The issue was fixed in version 7.6.0 by removing the usage of the `outputFolder` option. No known workarounds are available.
A flaw was found in OpenAPI generator, where it allows the generation of API client libraries, for example, SDK generation, server stubs, documentation, and configuration, automatically given an OpenA
No detection rules found.
Nuclei
OpenAPI Generator <= 7.5.0 - Arbitrary File Read/Delete
nuclei · CVSS 8.3 · CVE-2024-35219 · HIGH
OpenAPI Generator versions 7.5.0 and below are prone to an Arbitrary File Read/Delete vulnerability. Attackers can exploit this vulnerability to read and delete files and folders from an arbitrary, writable directory.
Template:

```yaml
id: CVE-2024-35219

info:
  name: OpenAPI Generator <= 7.5.0 - Arbitrary File Read/Delete
  author: iamnoooob,rootxharsh,pdresearch
  severity: high
  description: |
    OpenAPI Generator versions 7.5.0 and below are prone to an Arbitrary File Read/Delete vulnerability. Attackers can exploit this vulnerability to read and delete files and folders from an arbitrary, writable directory.
  impact: |
    Authenticated attackers can read and delete arbitrary files and folders from writable directories.
  remediation: |
    Update OpenAP
```
No writeups or analysis indexed.
References
- https://github.com/OpenAPITools/openapi-generator/commit/edbb021aadae47dcfe690313ce5119faf77f800d
- https://github.com/OpenAPITools/openapi-generator/pull/18652
- https://github.com/OpenAPITools/openapi-generator/security/advisories/GHSA-g3hr-p86p-593h