Composer Setup
CVE-2020-15145
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
In Composer-Setup for Windows before version 6.0.0, if the developer's computer is shared with other users, a local attacker may be able to exploit the following scenarios. 1. A local regular user may modify the existing C:\ProgramData\ComposerSetup\bin\composer.bat in order to get elevated command execution when composer is run by an administrator. 2. A local regular user may create a specially crafted dll in the C:\ProgramData\ComposerSetup\bin folder in order to get Local System privileges. See: https://itm4n.github.io/windows-server-netman-dll-hijacking. 3. If the directory of the php.exe selected by the user is not in the system path, it is added without checking that it is admin secured, as per Microsoft guidelines. See: https://msrc-blog.microsoft.com/2018/04/04/triaging-a-dll-planting-vulnerability.
AnalysisAI
In Composer-Setup for Windows before version 6.0.0, if the developer's computer is shared with other users, a local attacker may be able to exploit the following scenarios. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.
Technical ContextAI
This vulnerability is classified as Incorrect Default Permissions (CWE-276), which allows attackers to access resources due to overly permissive default settings. In Composer-Setup for Windows before version 6.0.0, if the developer's computer is shared with other users, a local attacker may be able to exploit the following scenarios. 1. A local regular user may modify the existing C:\ProgramData\ComposerSetup\bin\composer.bat in order to get elevated command execution when composer is run by an administrator. 2. A local regular user may create a specially crafted dll in the C:\ProgramData\ComposerSetup\bin folder in order to get Local System privileges. See: https://itm4n.github.io/windows-server-netman-dll-hijacking. 3. If the directory of the php.exe selected by the user is not in the system path, it is added without checking that it is admin secured, as per Microsoft guidelines. See: https://msrc-blog.microsoft.com/2018/04/04/triaging-a-dll-planting-vulnerability. Affected products include: Getcomposer Composer-Setup. Version information: version 6.0.0.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Set restrictive default permissions, follow principle of least privilege, review defaults during deployment.
Same weakness CWE-276 – Incorrect Default Permissions
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today