// For flags

CVE-2021-45448

Pentaho Business Analytics Server - Pentaho Analyzer plugin exposes a service endpoint for templates which allows a user supplied path to access resources that are out of bounds.

Severity Score

6.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Pentaho Business Analytics
Server versions before 9.2.0.2 and 8.3.0.25 using the Pentaho
Analyzer plugin exposes a service endpoint for templates which allows a
user-supplied path to access resources that are out of bounds. 

The software uses external input to construct a pathname that is intended to identify a file or
directory that is located underneath a restricted parent directory, but the software does not
properly neutralize special elements within the pathname that can cause the pathname to
resolve to a location that is outside of the restricted directory.  By using special elements such as
".." and "/" separators, attackers can escape outside of the restricted
location to access files or directories that are elsewhere on the
system.

Las versiones de Pentaho Business Analytics Server anteriores a 9.2.0.2 y 8.3.0.25 que utilizan el complemento Pentaho Analyzer exponen un endpoint de servicio para plantillas que permite una ruta proporcionada por el usuario para acceder a recursos que están fuera de los límites. El software utiliza entradas externas para construir un nombre de ruta destinado a identificar un archivo o directorio que se encuentra debajo de un directorio principal restringido, pero el software no neutraliza adecuadamente los elementos especiales dentro del nombre de ruta que pueden hacer que el nombre de ruta se resuelva en una ubicación que está fuera del directorio restringido. Al utilizar elementos especiales como separadores ".." y "/", los atacantes pueden escapar de la ubicación restringida para acceder a archivos o directorios que se encuentran en otras partes del sistema.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
Low
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2021-12-21 CVE Reserved
  • 2022-11-02 CVE Published
  • 2024-05-25 EPSS Updated
  • 2024-08-04 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (1)
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Hitachi
Search vendor "Hitachi"
Vantara Pentaho
Search vendor "Hitachi" for product "Vantara Pentaho"
>= 8.3.0.0 < 8.3.0.25
Search vendor "Hitachi" for product "Vantara Pentaho" and version " >= 8.3.0.0 < 8.3.0.25"
-
Affected
Hitachi
Search vendor "Hitachi"
Vantara Pentaho
Search vendor "Hitachi" for product "Vantara Pentaho"
>= 9.2.0.0 < 9.2.0.2
Search vendor "Hitachi" for product "Vantara Pentaho" and version " >= 9.2.0.0 < 9.2.0.2"
-
Affected