CVE-2013-5093 : The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python

The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object.

Published 2013-09-27 10:08:03

Updated 2013-10-07 20:25:23

Source MITRE

View at NVD, CVE.org

Vulnerability category: Execute code

Exploit prediction scoring system (EPSS) score for CVE-2013-5093

Probability of exploitation activity in the next 30 days: 96.50%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 100 % EPSS Score History EPSS FAQ

Metasploit modules for CVE-2013-5093

Graphite Web Unsafe Pickle Handling

Disclosure Date: 2013-08-20

First seen: 2020-04-26

exploit/unix/webapp/graphite_pickle_exec

This module exploits a remote code execution vulnerability in the pickle handling of the rendering code in the Graphite Web project between version 0.9.5 and 0.9.10 (both included). Authors: - Charlie Eriksen - funkypickle

More information

CVSS scores for CVE-2013-5093

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2013-5093

CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2013-5093

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/graphite_pickle_exec.rb

metasploit-framework/graphite_pickle_exec.rb at master · rapid7/metasploit-framework · GitHub
Exploit
https://github.com/graphite-project/graphite-web/blob/master/docs/releases/0_9_11.rst

graphite-web/0_9_11.rst at master · graphite-project/graphite-web · GitHub
Exploit;Patch

CVEs referencing this url
http://ceriksen.com/2013/08/20/graphite-remote-code-execution-vulnerability-advisory/

Graphite remote code execution vulnerability advisory | ceriksen.com
Exploit
http://www.exploit-db.com/exploits/27752

Graphite Web - Unsafe Pickle Handling (Metasploit) - Unix remote Exploit
Exploit
http://www.securityfocus.com/bid/61894

Graphite 'renderLocalView()' Function Remote Code Execution Vulnerability
Exploit

Products affected by CVE-2013-5093

Graphite Project » Graphite » Version: 0.9.10
cpe:2.3:a:graphite_project:graphite:0.9.10:*:*:*:*:*:*:*
Matching versions
Graphite Project » Graphite » Version: 0.9.5
cpe:2.3:a:graphite_project:graphite:0.9.5:*:*:*:*:*:*:*
Matching versions
Graphite Project » Graphite » Version: 0.9.6
cpe:2.3:a:graphite_project:graphite:0.9.6:*:*:*:*:*:*:*
Matching versions
Graphite Project » Graphite » Version: 0.9.8
cpe:2.3:a:graphite_project:graphite:0.9.8:*:*:*:*:*:*:*
Matching versions
Graphite Project » Graphite » Version: 0.9.7
cpe:2.3:a:graphite_project:graphite:0.9.7:*:*:*:*:*:*:*
Matching versions
Graphite Project » Graphite » Version: 0.9.9
cpe:2.3:a:graphite_project:graphite:0.9.9:*:*:*:*:*:*:*
Matching versions