The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. This can be abused for Remote Code…
mitre·CWE-434·Published 2020-05-11
The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. This can be abused for Remote Code Execution by writing to a PHP file in the web directory. (Also, it can be used in conjunction with the sudo rule for the www-data user to escalate privileges to root.) The code error is in gravity_DownloadBlocklistFromUrl in gravity.sh.
The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. This can be abused for Remote Code Execution by writing to a PHP file in the web directory. (Also, it can be used in conjunction with the sudo rule for the www-data user to escalate privileges to root.) The code error is in gravity_DownloadBlocklistFromUrl in gravity.sh.
El actualizador de Gravity en Pi-hole versiones hasta 4.4, permite a un adversario autenticado cargar archivos arbitrarios. Esto puede ser abusado para una Ejecución de Código Remota al escribir en un archivo PHP en el directorio web. (Además, puede ser usado en conjunto con la regla de sudo para el usuario de www-data para escalar privilegios a root). El error de código está en la función gravity_DownloadBlocklistFromUrl en el archivo gravity.sh.
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 9.0 | 8.0 | 10.0 | AV:N/AC:L/Au:S/C:C/I:C/A:C |
| 3.1 | Primary | NVD | 8.8 | 2.8 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |