CVE-2022-31261 - Vulnerability Details - OpenCVE

An XXE issue was discovered in Morpheus through 5.2.16 and 5.4.x through 5.4.4. A successful attack requires a SAML identity provider to be configured. In order to exploit the vulnerability, the attacker must know the unique SAML callback ID of the configured identity source. A remote attacker can send a request crafted with an XXE payload to invoke a malicious DTD hosted on a system that they control. This results in reading local files that the application has access to.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Morpheusdata	Morpheus

Configuration 1 [-]

OR	cpe:2.3:a:morpheusdata:morpheus::::::::
	cpe:2.3:a:morpheusdata:morpheus::::::::

No data.

References

Link	Providers
https://docs.morpheusdata.com/en/5.4.4/release_notes/current.html
https://support.morpheusdata.com/s/?language=en_US

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-05-24T14:49:47

Updated: 2024-08-03T07:11:39.937Z

Reserved: 2022-05-21T00:00:00

Link: CVE-2022-31261

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-05-24T15:15:08.480

Modified: 2024-11-21T07:04:14.887

Link: CVE-2022-31261

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An XXE issue was discovered in Morpheus through 5.2.16 and 5.4.x through 5.4.4. A successful attack requires a SAML identity provider to be configured. In order to exploit the vulnerability, the attacker must know the unique SAML callback ID of the configured identity source. A remote attacker can send a request crafted with an XXE payload to invoke a malicious DTD hosted on a system that they control. This results in reading local files that the application has access to."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-05-24T14:49:47", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.morpheusdata.com/s/?language=en_US"}, {"tags": ["x_refsource_MISC"], "url": "https://docs.morpheusdata.com/en/5.4.4/release_notes/current.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2022-31261", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An XXE issue was discovered in Morpheus through 5.2.16 and 5.4.x through 5.4.4. A successful attack requires a SAML identity provider to be configured. In order to exploit the vulnerability, the attacker must know the unique SAML callback ID of the configured identity source. A remote attacker can send a request crafted with an XXE payload to invoke a malicious DTD hosted on a system that they control. This results in reading local files that the application has access to."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://support.morpheusdata.com/s/?language=en_US", "refsource": "MISC", "url": "https://support.morpheusdata.com/s/?language=en_US"}, {"name": "https://docs.morpheusdata.com/en/5.4.4/release_notes/current.html", "refsource": "MISC", "url": "https://docs.morpheusdata.com/en/5.4.4/release_notes/current.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T07:11:39.937Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.morpheusdata.com/s/?language=en_US"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://docs.morpheusdata.com/en/5.4.4/release_notes/current.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-31261", "datePublished": "2022-05-24T14:49:47", "dateReserved": "2022-05-21T00:00:00", "dateUpdated": "2024-08-03T07:11:39.937Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:morpheusdata:morpheus:*:*:*:*:*:*:*:*", "matchCriteriaId": "B5D09AD2-B901-4578-88C3-D0B98D800253", "versionEndIncluding": "5.2.16", "vulnerable": true}, {"criteria": "cpe:2.3:a:morpheusdata:morpheus:*:*:*:*:*:*:*:*", "matchCriteriaId": "278EEF9E-3CC6-48E5-A723-A9D0174BBEE7", "versionEndIncluding": "5.4.4", "versionStartIncluding": "5.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An XXE issue was discovered in Morpheus through 5.2.16 and 5.4.x through 5.4.4. A successful attack requires a SAML identity provider to be configured. In order to exploit the vulnerability, the attacker must know the unique SAML callback ID of the configured identity source. A remote attacker can send a request crafted with an XXE payload to invoke a malicious DTD hosted on a system that they control. This results in reading local files that the application has access to."}, {"lang": "es", "value": "Se ha detectado un problema de tipo XXE en Morpheus versiones hasta 5.2.16 y desde la 5.4.x hasta 5.4.4. Un ataque con \u00e9xito requiere que sea configurado un proveedor de identidad SAML. Para explotar la vulnerabilidad, el atacante debe conocer el ID de devoluci\u00f3n de llamada SAML \u00fanico del origen de identidad configurado. Un atacante remoto puede enviar una petici\u00f3n dise\u00f1ada con una carga \u00fatil de tipo XXE para invocar un DTD malicioso alojado en un sistema que controla. Esto resulta en la lectura de archivos locales a los que la aplicaci\u00f3n presenta acceso"}], "id": "CVE-2022-31261", "lastModified": "2024-11-21T07:04:14.887", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "[email protected]", "type": "Primary"}]}, "published": "2022-05-24T15:15:08.480", "references": [{"source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://docs.morpheusdata.com/en/5.4.4/release_notes/current.html"}, {"source": "[email protected]", "tags": ["Not Applicable", "Vendor Advisory"], "url": "https://support.morpheusdata.com/s/?language=en_US"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://docs.morpheusdata.com/en/5.4.4/release_notes/current.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable", "Vendor Advisory"], "url": "https://support.morpheusdata.com/s/?language=en_US"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-611"}], "source": "[email protected]", "type": "Primary"}]}