OpenDNS OpenResolve resolverapi/endpoints.py neutralization for logs

A vulnerability classified as problematic has been found in OpenDNS OpenResolve. It affects an unknown part of the file resolverapi/endpoints.py. The manipulation leads to improper output neutralization for logs. The CWE definition for the vulnerability is CWE-117. The weakness was disclosed 01/02/2023 as 9eba6ba5abd89d0e36a008921eb307fcef8c5311. The advisory is shared at github.com. This vulnerability is uniquely identified as CVE-2015-10011. The attack can only be carried out within the local network. Technical details are available. There is no exploit available. The price for an exploit might be around USD $0-$5k at the moment. It is declared as not defined. We expect the 0-day to have been worth approximately $0-$5k. The identifier of the patch is 9eba6ba5abd89d0e36a008921eb307fcef8c5311. The bugfix is ready for download at github.com. It is recommended to apply a patch to fix this issue. A possible mitigation was published before, not after, the disclosure of the vulnerability.

| Field | 01/02/2023 22:05 | 01/27/2023 02:35 | 01/27/2023 02:43 |
| --- | --- | --- | --- |
| vendor | OpenDNS | OpenDNS | OpenDNS |
| name | OpenResolve | OpenResolve | OpenResolve |
| file | resolverapi/endpoints.py | resolverapi/endpoints.py | resolverapi/endpoints.py |
| cwe | 117 (neutralization for logs) | 117 (neutralization for logs) | 117 (neutralization for logs) |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | N | N | N |
| cvss3_vuldb_i | L | L | L |
| cvss3_vuldb_a | L | L | L |
| cvss3_vuldb_rl | O | O | O |
| cvss3_vuldb_rc | C | C | C |
| identifier | 9eba6ba5abd89d0e36a008921eb307fcef8c5311 | 9eba6ba5abd89d0e36a008921eb307fcef8c5311 | 9eba6ba5abd89d0e36a008921eb307fcef8c5311 |
| url | https://github.com/opendns/OpenResolve/commit/9eba6ba5abd89d0e36a008921eb307fcef8c5311 | https://github.com/opendns/OpenResolve/commit/9eba6ba5abd89d0e36a008921eb307fcef8c5311 | https://github.com/opendns/OpenResolve/commit/9eba6ba5abd89d0e36a008921eb307fcef8c5311 |
| name | Patch | Patch | Patch |
| patch_name | 9eba6ba5abd89d0e36a008921eb307fcef8c5311 | 9eba6ba5abd89d0e36a008921eb307fcef8c5311 | 9eba6ba5abd89d0e36a008921eb307fcef8c5311 |
| patch_url | https://github.com/opendns/OpenResolve/commit/9eba6ba5abd89d0e36a008921eb307fcef8c5311 | https://github.com/opendns/OpenResolve/commit/9eba6ba5abd89d0e36a008921eb307fcef8c5311 | https://github.com/opendns/OpenResolve/commit/9eba6ba5abd89d0e36a008921eb307fcef8c5311 |
| advisoryquote | Log Injection Attack Vulnerability By logging the unsanitized user input, a log injection attack can occur. This commit removes user-provided values from the logs. | Log Injection Attack Vulnerability By logging the unsanitized user input, a log injection attack can occur. This commit removes user-provided values from the logs. | Log Injection Attack Vulnerability By logging the unsanitized user input, a log injection attack can occur. This commit removes user-provided values from the logs. |
| cve | CVE-2015-10011 | CVE-2015-10011 | CVE-2015-10011 |
| responsible | VulDB | VulDB | VulDB |
| date | 1672614000 (01/02/2023) | 1672614000 (01/02/2023) | 1672614000 (01/02/2023) |
| cvss2_vuldb_ac | L | L | L |
| cvss2_vuldb_ci | N | N | N |
| cvss2_vuldb_ii | P | P | P |
| cvss2_vuldb_ai | P | P | P |
| cvss2_vuldb_rc | C | C | C |
| cvss2_vuldb_rl | OF | OF | OF |
| cvss2_vuldb_av | A | A | A |
| cvss2_vuldb_au | S | S | S |
| cvss2_vuldb_e | ND | ND | ND |
| cvss3_vuldb_av | A | A | A |
| cvss3_vuldb_pr | L | L | L |
| cvss3_vuldb_ui | N | N | N |
| cvss3_vuldb_e | X | X | X |
| cvss2_vuldb_basescore | 4.1 | 4.1 | 4.1 |
| cvss2_vuldb_tempscore | 3.6 | 3.6 | 3.6 |
| cvss3_vuldb_basescore | 4.6 | 4.6 | 4.6 |
| cvss3_vuldb_tempscore | 4.4 | 4.4 | 4.4 |
| cvss3_meta_basescore | 4.6 | 4.6 | 6.3 |
| cvss3_meta_tempscore | 4.4 | 4.4 | 6.3 |
| price_0day | $0-$5k | $0-$5k | $0-$5k |
| cve_assigned | | 1672614000 (01/02/2023) | 1672614000 (01/02/2023) |
| cve_nvd_summary | | A vulnerability classified as problematic has been found in OpenDNS OpenResolve. This affects an unknown part of the file resolverapi/endpoints.py. The manipulation leads to improper output neutralization for logs. The name of the patch is 9eba6ba5abd89d0e36a008921eb307fcef8c5311. It is recommended to apply a patch to fix this issue. The identifier VDB-217197 was assigned to this vulnerability. | A vulnerability classified as problematic has been found in OpenDNS OpenResolve. This affects an unknown part of the file resolverapi/endpoints.py. The manipulation leads to improper output neutralization for logs. The name of the patch is 9eba6ba5abd89d0e36a008921eb307fcef8c5311. It is recommended to apply a patch to fix this issue. The identifier VDB-217197 was assigned to this vulnerability. |
| cvss3_nvd_av | | | N |
| cvss3_nvd_ac | | | L |
| cvss3_nvd_pr | | | N |
| cvss3_nvd_ui | | | N |
| cvss3_nvd_s | | | U |
| cvss3_nvd_c | | | H |
| cvss3_nvd_i | | | H |
| cvss3_nvd_a | | | H |
| cvss2_nvd_av | | | A |
| cvss2_nvd_ac | | | L |
| cvss2_nvd_au | | | S |
| cvss2_nvd_ci | | | N |
| cvss2_nvd_ii | | | P |
| cvss2_nvd_ai | | | P |
| cvss3_cna_av | | | A |
| cvss3_cna_ac | | | L |
| cvss3_cna_pr | | | L |
| cvss3_cna_ui | | | N |
| cvss3_cna_s | | | U |
| cvss3_cna_c | | | N |
| cvss3_cna_i | | | L |
| cvss3_cna_a | | | L |
| cve_cna | | | VulDB |
| cvss2_nvd_basescore | | | 4.1 |
| cvss3_nvd_basescore | | | 9.8 |
| cvss3_cna_basescore | | | 4.6 |
