CVE-2018-1000850 — HIGH (7.5)

Q: How severe is CVE-2018-1000850?

CVE-2018-1000850 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-1000850?

Check the references section above for vendor advisories and patch information. Affected products include: Squareup Retrofit.

Vulnerability Description

Square Retrofit version versions from (including) 2.0 and 2.5.0 (excluding) contains a Directory Traversal vulnerability in RequestBuilder class, method addPathParameter that can result in By manipulating the URL an attacker could add or delete resources otherwise unavailable to her.. This attack appear to be exploitable via An attacker should have access to an encoded path parameter on POST, PUT or DELETE request.. This vulnerability appears to have been fixed in 2.5.0 and later.

CVSS Score

7.5

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Squareup	Retrofit	>= 2.0.0, < 2.5.0

Related Weaknesses (CWE)

CWE-22

References

https://access.redhat.com/errata/RHSA-2019:3892
https://github.com/square/retrofit/blob/master/CHANGELOG.mdRelease NotesThird Party Advisory
https://github.com/square/retrofit/commit/b9a7f6ad72073ddd40254c0058710e87a07304PatchThird Party Advisory
https://ihacktoprotect.com/post/retrofit-path-traversal/ExploitThird Party Advisory
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12e
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d28
https://access.redhat.com/errata/RHSA-2019:3892
https://github.com/square/retrofit/blob/master/CHANGELOG.mdRelease NotesThird Party Advisory
https://github.com/square/retrofit/commit/b9a7f6ad72073ddd40254c0058710e87a07304PatchThird Party Advisory
https://ihacktoprotect.com/post/retrofit-path-traversal/ExploitThird Party Advisory
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12e
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d28

FAQ

What is CVE-2018-1000850?

CVE-2018-1000850 is a vulnerability with a CVSS score of 7.5 (HIGH). Square Retrofit version versions from (including) 2.0 and 2.5.0 (excluding) contains a Directory Traversal vulnerability in RequestBuilder class, method addPathParameter that can result in By manipula...

How severe is CVE-2018-1000850?

CVE-2018-1000850 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-1000850?

Check the references section above for vendor advisories and patch information. Affected products include: Squareup Retrofit.