CVE: CVE-2018-20465

Export to Word

Craft CMS through 3.0.34 allows remote authenticated administrators to read sensitive information via server-side template injection, as demonstrated by a {% string for craft.app.config.DB.user and craft.app.config.DB.password in the URI Format of the Site Settings, which causes a cleartext username and password to be displayed in a URI field.

Threat-Mapped Scoring

Score: 3.0

Priority: P2 - Serious (High)

S1 – Steal Customer Account Information

EPSS

Score: 0.00664
Percentile: 0.70267

CVSS Scoring

CVSS v3.0 Score: 7.2

Severity: HIGH

Mapped CWE(s)

CWE-311 : Missing Encryption of Sensitive Data

All CAPEC(s)

CAPEC-157: Sniffing Attacks
CAPEC-158: Sniffing Network Traffic
CAPEC-204: Lifting Sensitive Data Embedded in Cache
CAPEC-31: Accessing/Intercepting/Modifying HTTP Cookies
CAPEC-37: Retrieve Embedded Sensitive Data
CAPEC-383: Harvesting Information via API Event Monitoring
CAPEC-384: Application API Message Manipulation via Man-in-the-Middle
CAPEC-385: Transaction or Event Tampering via Application API Manipulation
CAPEC-386: Application API Navigation Remapping
CAPEC-387: Navigation Remapping To Propagate Malicious Content
CAPEC-388: Application API Button Hijacking
CAPEC-477: Signature Spoofing by Mixing Signed and Unsigned Content
CAPEC-609: Cellular Traffic Intercept
CAPEC-65: Sniff Application Code

CAPEC(s) with Mapped TTPs

CAPEC-158: Sniffing Network Traffic
Mapped TTPs:
- T1040 : Network Sniffing
- T1111 : Multi-Factor Authentication Interception
CAPEC-204: Lifting Sensitive Data Embedded in Cache
Mapped TTPs:
- T1005 : Data from Local System
CAPEC-31: Accessing/Intercepting/Modifying HTTP Cookies
Mapped TTPs:
- T1539 : Steal Web Session Cookie
CAPEC-37: Retrieve Embedded Sensitive Data
Mapped TTPs:
- T1005 : Data from Local System
- T1552.004 : Private Keys
CAPEC-383: Harvesting Information via API Event Monitoring
Mapped TTPs:
- T1056.004 : Credential API Hooking
CAPEC-609: Cellular Traffic Intercept
Mapped TTPs:
- T1111 : Multi-Factor Authentication Interception
CAPEC-65: Sniff Application Code
Mapped TTPs:
- T1040 : Network Sniffing

Mapped ATT&CK TTPs

T1040 : Network Sniffing
Kill Chain: credential-access
T1111 : Multi-Factor Authentication Interception
Kill Chain: credential-access
T1005 : Data from Local System
Kill Chain: collection
T1539 : Steal Web Session Cookie
Kill Chain: credential-access
T1005 : Data from Local System
Kill Chain: collection
T1552.004 : Private Keys
Kill Chain: credential-access
T1056.004 : Credential API Hooking
Kill Chain: collection
T1111 : Multi-Factor Authentication Interception
Kill Chain: credential-access
T1040 : Network Sniffing
Kill Chain: credential-access

Malware

APTs Threat Group Associations

Campaigns

Operation Wocao
ArcaneDoor
SolarWinds Compromise
Operation CuckooBees
CostaRicto
Operation Honeybee
2015 Ukraine Electric Power Attack
Operation Dream Job
C0015
Frankenstein
Night Dragon
Leviathan Australian Intrusions
Operation MidnightEclipse
C0017
Cutting Edge
C0026

Affected Products

cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:*

← Back to Home