CWE-287
Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
CVE-2020-14299 (GCVE-0-2020-14299)
Vulnerability from cvelistv5 – Published: 2020-10-16 13:10 – Updated: 2024-08-04 12:39
VLAI
Summary
A flaw was found in JBoss EAP, where the authentication configuration is set-up using a legacy SecurityRealm, to delegate to a legacy PicketBox SecurityDomain, and then reloaded to admin-only mode. This flaw allows an attacker to perform a complete authentication bypass by using an arbitrary user and password. The highest threat to vulnerability is to system availability.
Severity
No CVSS data available.
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1848533 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:36.239Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848533"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "picketbox",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "redhat-picketbox 5.0.3.Final-redhat-00007"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in JBoss EAP, where the authentication configuration is set-up using a legacy SecurityRealm, to delegate to a legacy PicketBox SecurityDomain, and then reloaded to admin-only mode. This flaw allows an attacker to perform a complete authentication bypass by using an arbitrary user and password. The highest threat to vulnerability is to system availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-16T13:10:43.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848533"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-14299",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "picketbox",
"version": {
"version_data": [
{
"version_value": "redhat-picketbox 5.0.3.Final-redhat-00007"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in JBoss EAP, where the authentication configuration is set-up using a legacy SecurityRealm, to delegate to a legacy PicketBox SecurityDomain, and then reloaded to admin-only mode. This flaw allows an attacker to perform a complete authentication bypass by using an arbitrary user and password. The highest threat to vulnerability is to system availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1848533",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848533"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-14299",
"datePublished": "2020-10-16T13:10:43.000Z",
"dateReserved": "2020-06-17T00:00:00.000Z",
"dateUpdated": "2024-08-04T12:39:36.239Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14380 (GCVE-0-2020-14380)
Vulnerability from cvelistv5 – Published: 2021-06-02 12:27 – Updated: 2024-08-04 12:46
VLAI
Summary
An account takeover flaw was found in Red Hat Satellite 6.7.2 onward. A potential attacker with proper authentication to the relevant external authentication source (SSO or Open ID) can claim the privileges of already existing local users of Satellite.
Severity
No CVSS data available.
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1873926 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Red Hat Satellite |
Affected:
Red Hat Satellite 6.8
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:46:34.287Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1873926"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Red Hat Satellite",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Red Hat Satellite 6.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An account takeover flaw was found in Red Hat Satellite 6.7.2 onward. A potential attacker with proper authentication to the relevant external authentication source (SSO or Open ID) can claim the privileges of already existing local users of Satellite."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-02T12:27:11.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1873926"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-14380",
"datePublished": "2021-06-02T12:27:11.000Z",
"dateReserved": "2020-06-17T00:00:00.000Z",
"dateUpdated": "2024-08-04T12:46:34.287Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14494 (GCVE-0-2020-14494)
Vulnerability from cvelistv5 – Published: 2020-07-20 14:45 – Updated: 2024-08-04 12:46
VLAI
Summary
OpenClinic GA versions 5.09.02 and 5.89.05b contain an authentication mechanism within the system that does not provide sufficient complexity to protect against brute force attacks, which may allow unauthorized users to access the system after no more than a fixed maximum number of attempts.
Severity
No CVSS data available.
CWE
- CWE-287 - IMPROPER AUTHENTICATION CWE-287
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://us-cert.cisa.gov/ics/advisories/icsma-20-184-01 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | OpenClinic GA |
Affected:
Versions 5.09.02 and 5.89.05b
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:46:34.648Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-184-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OpenClinic GA",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Versions 5.09.02 and 5.89.05b"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenClinic GA versions 5.09.02 and 5.89.05b contain an authentication mechanism within the system that does not provide sufficient complexity to protect against brute force attacks, which may allow unauthorized users to access the system after no more than a fixed maximum number of attempts."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "IMPROPER AUTHENTICATION CWE-287",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-20T14:45:28.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-184-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-14494",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenClinic GA",
"version": {
"version_data": [
{
"version_value": "Versions 5.09.02 and 5.89.05b"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenClinic GA versions 5.09.02 and 5.89.05b contain an authentication mechanism within the system that does not provide sufficient complexity to protect against brute force attacks, which may allow unauthorized users to access the system after no more than a fixed maximum number of attempts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER AUTHENTICATION CWE-287"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsma-20-184-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-184-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-14494",
"datePublished": "2020-07-20T14:45:28.000Z",
"dateReserved": "2020-06-19T00:00:00.000Z",
"dateUpdated": "2024-08-04T12:46:34.648Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15136 (GCVE-0-2020-15136)
Vulnerability from cvelistv5 – Published: 2020-08-06 22:45 – Updated: 2024-08-04 13:08
VLAI
Title
Improper authentication in etcd
Summary
In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records. When starting a gateway, TLS authentication will only be attempted on endpoints identified in DNS SRV records for a given domain, which occurs in the discoverEndpoints function. No authentication is performed against endpoints provided in the --endpoints flag. This has been fixed in versions 3.4.10 and 3.3.23 with improved documentation and deprecation of the functionality.
Severity
6.5 (Medium)
CWE
- CWE-287 - {"CWE-287":"Improper Authentication"}
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/etcd-io/etcd/security/advisori… | x_refsource_CONFIRM |
| https://github.com/etcd-io/etcd/blob/master/Docum… | x_refsource_MISC |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:08:21.951Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/etcd-io/etcd/security/advisories/GHSA-wr2v-9rpq-c35q"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/etcd-io/etcd/blob/master/Documentation/op-guide/gateway.md"
},
{
"name": "FEDORA-2020-cd43b84c16",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "etcd",
"vendor": "etcd-io",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.4.0, \u003c 3.4.10"
},
{
"status": "affected",
"version": "\u003c 3.3.23"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records. When starting a gateway, TLS authentication will only be attempted on endpoints identified in DNS SRV records for a given domain, which occurs in the discoverEndpoints function. No authentication is performed against endpoints provided in the --endpoints flag. This has been fixed in versions 3.4.10 and 3.3.23 with improved documentation and deprecation of the functionality."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "{\"CWE-287\":\"Improper Authentication\"}",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-04T02:06:10.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/etcd-io/etcd/security/advisories/GHSA-wr2v-9rpq-c35q"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/etcd-io/etcd/blob/master/Documentation/op-guide/gateway.md"
},
{
"name": "FEDORA-2020-cd43b84c16",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP/"
}
],
"source": {
"advisory": "GHSA-wr2v-9rpq-c35q",
"discovery": "UNKNOWN"
},
"title": "Improper authentication in etcd",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-15136",
"STATE": "PUBLIC",
"TITLE": "Improper authentication in etcd"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "etcd",
"version": {
"version_data": [
{
"version_value": "\u003e= 3.4.0, \u003c 3.4.10"
},
{
"version_value": "\u003c 3.3.23"
}
]
}
}
]
},
"vendor_name": "etcd-io"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records. When starting a gateway, TLS authentication will only be attempted on endpoints identified in DNS SRV records for a given domain, which occurs in the discoverEndpoints function. No authentication is performed against endpoints provided in the --endpoints flag. This has been fixed in versions 3.4.10 and 3.3.23 with improved documentation and deprecation of the functionality."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "{\"CWE-287\":\"Improper Authentication\"}"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/etcd-io/etcd/security/advisories/GHSA-wr2v-9rpq-c35q",
"refsource": "CONFIRM",
"url": "https://github.com/etcd-io/etcd/security/advisories/GHSA-wr2v-9rpq-c35q"
},
{
"name": "https://github.com/etcd-io/etcd/blob/master/Documentation/op-guide/gateway.md",
"refsource": "MISC",
"url": "https://github.com/etcd-io/etcd/blob/master/Documentation/op-guide/gateway.md"
},
{
"name": "FEDORA-2020-cd43b84c16",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP/"
}
]
},
"source": {
"advisory": "GHSA-wr2v-9rpq-c35q",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-15136",
"datePublished": "2020-08-06T22:45:14.000Z",
"dateReserved": "2020-06-25T00:00:00.000Z",
"dateUpdated": "2024-08-04T13:08:21.951Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15164 (GCVE-0-2020-15164)
Vulnerability from cvelistv5 – Published: 2020-08-28 17:05 – Updated: 2024-08-04 13:08
VLAI
Title
Authentication Bypass in Scratch Login (mediawiki-scratch-login)
Summary
in Scratch Login (MediaWiki extension) before version 1.1, any account can be logged into by using the same username with leading, trailing, or repeated underscore(s), since those are treated as whitespace and trimmed by MediaWiki. This affects all users on any wiki using this extension. Since version 1.1, comments by users whose usernames would be trimmed on MediaWiki are ignored when searching for the verification code.
Severity
10 (Critical)
CWE
- CWE-287 - Improper Authentication
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/InternationalScratchWiki/media… | x_refsource_CONFIRM |
| https://github.com/InternationalScratchWiki/media… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| InternationalScratchWiki | mediawiki-scratch-login |
Affected:
< 1.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:08:22.307Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/InternationalScratchWiki/mediawiki-scratch-login/security/advisories/GHSA-8fq5-g4m5-6j43"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/InternationalScratchWiki/mediawiki-scratch-login/commit/70849ef375016a1061490c8c4744046dbfc3e679"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "mediawiki-scratch-login",
"vendor": "InternationalScratchWiki",
"versions": [
{
"status": "affected",
"version": "\u003c 1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "in Scratch Login (MediaWiki extension) before version 1.1, any account can be logged into by using the same username with leading, trailing, or repeated underscore(s), since those are treated as whitespace and trimmed by MediaWiki. This affects all users on any wiki using this extension. Since version 1.1, comments by users whose usernames would be trimmed on MediaWiki are ignored when searching for the verification code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-28T17:05:13.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/InternationalScratchWiki/mediawiki-scratch-login/security/advisories/GHSA-8fq5-g4m5-6j43"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/InternationalScratchWiki/mediawiki-scratch-login/commit/70849ef375016a1061490c8c4744046dbfc3e679"
}
],
"source": {
"advisory": "GHSA-8fq5-g4m5-6j43",
"discovery": "UNKNOWN"
},
"title": "Authentication Bypass in Scratch Login (mediawiki-scratch-login)",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-15164",
"STATE": "PUBLIC",
"TITLE": "Authentication Bypass in Scratch Login (mediawiki-scratch-login)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mediawiki-scratch-login",
"version": {
"version_data": [
{
"version_value": "\u003c 1.1"
}
]
}
}
]
},
"vendor_name": "InternationalScratchWiki"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "in Scratch Login (MediaWiki extension) before version 1.1, any account can be logged into by using the same username with leading, trailing, or repeated underscore(s), since those are treated as whitespace and trimmed by MediaWiki. This affects all users on any wiki using this extension. Since version 1.1, comments by users whose usernames would be trimmed on MediaWiki are ignored when searching for the verification code."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287: Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/InternationalScratchWiki/mediawiki-scratch-login/security/advisories/GHSA-8fq5-g4m5-6j43",
"refsource": "CONFIRM",
"url": "https://github.com/InternationalScratchWiki/mediawiki-scratch-login/security/advisories/GHSA-8fq5-g4m5-6j43"
},
{
"name": "https://github.com/InternationalScratchWiki/mediawiki-scratch-login/commit/70849ef375016a1061490c8c4744046dbfc3e679",
"refsource": "MISC",
"url": "https://github.com/InternationalScratchWiki/mediawiki-scratch-login/commit/70849ef375016a1061490c8c4744046dbfc3e679"
}
]
},
"source": {
"advisory": "GHSA-8fq5-g4m5-6j43",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-15164",
"datePublished": "2020-08-28T17:05:13.000Z",
"dateReserved": "2020-06-25T00:00:00.000Z",
"dateUpdated": "2024-08-04T13:08:22.307Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15222 (GCVE-0-2020-15222)
Vulnerability from cvelistv5 – Published: 2020-09-24 16:15 – Updated: 2024-08-04 13:08
VLAI
Title
Replay of private_key_jwt possible in ORY Fosite
Summary
In ORY Fosite (the security first OAuth2 & OpenID Connect framework for Go) before version 0.31.0, when using "private_key_jwt" authentication the uniqueness of the `jti` value is not checked. When using client authentication method "private_key_jwt", OpenId specification says the following about assertion `jti`: "A unique identifier for the token, which can be used to prevent reuse of the token. These tokens MUST only be used once, unless conditions for reuse were negotiated between the parties". Hydra does not seem to check the uniqueness of this `jti` value. This problem is fixed in version 0.31.0.
Severity
8.1 (High)
CWE
- CWE-287 - Improper Authentication
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/ory/fosite/security/advisories… | x_refsource_CONFIRM |
| https://github.com/ory/fosite/commit/0c9e0f6d6549… | x_refsource_MISC |
| https://openid.net/specs/openid-connect-core-1_0.… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:08:22.899Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/ory/fosite/security/advisories/GHSA-v3q9-2p3m-7g43"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ory/fosite/commit/0c9e0f6d654913ad57c507dd9a36631e1858a3e9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "fosite",
"vendor": "ory",
"versions": [
{
"status": "affected",
"version": "\u003c 0.31.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In ORY Fosite (the security first OAuth2 \u0026 OpenID Connect framework for Go) before version 0.31.0, when using \"private_key_jwt\" authentication the uniqueness of the `jti` value is not checked. When using client authentication method \"private_key_jwt\", OpenId specification says the following about assertion `jti`: \"A unique identifier for the token, which can be used to prevent reuse of the token. These tokens MUST only be used once, unless conditions for reuse were negotiated between the parties\". Hydra does not seem to check the uniqueness of this `jti` value. This problem is fixed in version 0.31.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-24T16:15:52.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ory/fosite/security/advisories/GHSA-v3q9-2p3m-7g43"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ory/fosite/commit/0c9e0f6d654913ad57c507dd9a36631e1858a3e9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication"
}
],
"source": {
"advisory": "GHSA-v3q9-2p3m-7g43",
"discovery": "UNKNOWN"
},
"title": "Replay of private_key_jwt possible in ORY Fosite",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-15222",
"STATE": "PUBLIC",
"TITLE": "Replay of private_key_jwt possible in ORY Fosite"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "fosite",
"version": {
"version_data": [
{
"version_value": "\u003c 0.31.0"
}
]
}
}
]
},
"vendor_name": "ory"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In ORY Fosite (the security first OAuth2 \u0026 OpenID Connect framework for Go) before version 0.31.0, when using \"private_key_jwt\" authentication the uniqueness of the `jti` value is not checked. When using client authentication method \"private_key_jwt\", OpenId specification says the following about assertion `jti`: \"A unique identifier for the token, which can be used to prevent reuse of the token. These tokens MUST only be used once, unless conditions for reuse were negotiated between the parties\". Hydra does not seem to check the uniqueness of this `jti` value. This problem is fixed in version 0.31.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287: Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ory/fosite/security/advisories/GHSA-v3q9-2p3m-7g43",
"refsource": "CONFIRM",
"url": "https://github.com/ory/fosite/security/advisories/GHSA-v3q9-2p3m-7g43"
},
{
"name": "https://github.com/ory/fosite/commit/0c9e0f6d654913ad57c507dd9a36631e1858a3e9",
"refsource": "MISC",
"url": "https://github.com/ory/fosite/commit/0c9e0f6d654913ad57c507dd9a36631e1858a3e9"
},
{
"name": "https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication",
"refsource": "MISC",
"url": "https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication"
}
]
},
"source": {
"advisory": "GHSA-v3q9-2p3m-7g43",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-15222",
"datePublished": "2020-09-24T16:15:52.000Z",
"dateReserved": "2020-06-25T00:00:00.000Z",
"dateUpdated": "2024-08-04T13:08:22.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15240 (GCVE-0-2020-15240)
Vulnerability from cvelistv5 – Published: 2020-10-21 17:25 – Updated: 2024-08-04 13:08
VLAI
Title
Regression in JWT Signature Validation
Summary
omniauth-auth0 (rubygems) versions >= 2.3.0 and < 2.4.1 improperly validate the JWT token signature when using the `jwt_validator.verify` method. Improper validation of the JWT token signature can allow an attacker to bypass authentication and authorization. You are affected by this vulnerability if all of the following conditions apply: 1. You are using `omniauth-auth0`. 2. You are using `JWTValidator.verify` method directly OR you are not authenticating using the SDK’s default Authorization Code Flow. The issue is patched in version 2.4.1.
Severity
7.4 (High)
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/auth0/omniauth-auth0/security/… | x_refsource_CONFIRM |
| https://github.com/auth0/omniauth-auth0/commit/fd… | x_refsource_MISC |
| https://rubygems.org/gems/omniauth-auth0 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| auth0 | omniauth-auth0 |
Affected:
>= 2.3.0, <2.4.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:08:22.896Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/auth0/omniauth-auth0/security/advisories/GHSA-58r4-h6v8-jcvm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/auth0/omniauth-auth0/commit/fd3a14f4ccdfbc515d1121d6378ff88bf55a7a7a"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://rubygems.org/gems/omniauth-auth0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "omniauth-auth0",
"vendor": "auth0",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.3.0, \u003c2.4.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "omniauth-auth0 (rubygems) versions \u003e= 2.3.0 and \u003c 2.4.1 improperly validate the JWT token signature when using the `jwt_validator.verify` method. Improper validation of the JWT token signature can allow an attacker to bypass authentication and authorization. You are affected by this vulnerability if all of the following conditions apply: 1. You are using `omniauth-auth0`. 2. You are using `JWTValidator.verify` method directly OR you are not authenticating using the SDK\u2019s default Authorization Code Flow. The issue is patched in version 2.4.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347 Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-21T17:25:14.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/auth0/omniauth-auth0/security/advisories/GHSA-58r4-h6v8-jcvm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/auth0/omniauth-auth0/commit/fd3a14f4ccdfbc515d1121d6378ff88bf55a7a7a"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://rubygems.org/gems/omniauth-auth0"
}
],
"source": {
"advisory": "GHSA-58r4-h6v8-jcvm",
"discovery": "UNKNOWN"
},
"title": "Regression in JWT Signature Validation",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-15240",
"STATE": "PUBLIC",
"TITLE": "Regression in JWT Signature Validation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "omniauth-auth0",
"version": {
"version_data": [
{
"version_value": "\u003e= 2.3.0, \u003c2.4.1"
}
]
}
}
]
},
"vendor_name": "auth0"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "omniauth-auth0 (rubygems) versions \u003e= 2.3.0 and \u003c 2.4.1 improperly validate the JWT token signature when using the `jwt_validator.verify` method. Improper validation of the JWT token signature can allow an attacker to bypass authentication and authorization. You are affected by this vulnerability if all of the following conditions apply: 1. You are using `omniauth-auth0`. 2. You are using `JWTValidator.verify` method directly OR you are not authenticating using the SDK\u2019s default Authorization Code Flow. The issue is patched in version 2.4.1."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-347 Improper Verification of Cryptographic Signature"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/auth0/omniauth-auth0/security/advisories/GHSA-58r4-h6v8-jcvm",
"refsource": "CONFIRM",
"url": "https://github.com/auth0/omniauth-auth0/security/advisories/GHSA-58r4-h6v8-jcvm"
},
{
"name": "https://github.com/auth0/omniauth-auth0/commit/fd3a14f4ccdfbc515d1121d6378ff88bf55a7a7a",
"refsource": "MISC",
"url": "https://github.com/auth0/omniauth-auth0/commit/fd3a14f4ccdfbc515d1121d6378ff88bf55a7a7a"
},
{
"name": "https://rubygems.org/gems/omniauth-auth0",
"refsource": "MISC",
"url": "https://rubygems.org/gems/omniauth-auth0"
}
]
},
"source": {
"advisory": "GHSA-58r4-h6v8-jcvm",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-15240",
"datePublished": "2020-10-21T17:25:14.000Z",
"dateReserved": "2020-06-25T00:00:00.000Z",
"dateUpdated": "2024-08-04T13:08:22.896Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15243 (GCVE-0-2020-15243)
Vulnerability from cvelistv5 – Published: 2020-10-08 22:40 – Updated: 2024-08-04 13:08
VLAI
Title
WebApi Authentication attribute missing in Smartstore
Summary
Affected versions of Smartstore have a missing WebApi Authentication attribute. This vulnerability affects Smartstore shops in version 4.0.0 & 4.0.1 which have installed and activated the Web API plugin. Users of Smartstore 4.0.0 and 4.0.1 must merge their repository with 4.0.x or overwrite the file SmartStore.Web.Framework in the */bin* directory of the deployed shop with this file. As a workaround without updating uninstall the Web API plugin to close this vulnerability.
Severity
9.1 (Critical)
CWE
- CWE-287 - Improper Authentication
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/smartstore/SmartStoreNET/secur… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| smartstore | SmartStoreNET |
Affected:
>= 4.0.0, <= 4.0.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:08:23.167Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/smartstore/SmartStoreNET/security/advisories/GHSA-8g9m-jx26-qp4h"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SmartStoreNET",
"vendor": "smartstore",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c= 4.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Affected versions of Smartstore have a missing WebApi Authentication attribute. This vulnerability affects Smartstore shops in version 4.0.0 \u0026 4.0.1 which have installed and activated the Web API plugin. Users of Smartstore 4.0.0 and 4.0.1 must merge their repository with 4.0.x or overwrite the file SmartStore.Web.Framework in the */bin* directory of the deployed shop with this file. As a workaround without updating uninstall the Web API plugin to close this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-08T22:40:12.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/smartstore/SmartStoreNET/security/advisories/GHSA-8g9m-jx26-qp4h"
}
],
"source": {
"advisory": "GHSA-8g9m-jx26-qp4h",
"discovery": "UNKNOWN"
},
"title": "WebApi Authentication attribute missing in Smartstore",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-15243",
"STATE": "PUBLIC",
"TITLE": "WebApi Authentication attribute missing in Smartstore"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SmartStoreNET",
"version": {
"version_data": [
{
"version_value": "\u003e= 4.0.0, \u003c= 4.0.1"
}
]
}
}
]
},
"vendor_name": "smartstore"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Affected versions of Smartstore have a missing WebApi Authentication attribute. This vulnerability affects Smartstore shops in version 4.0.0 \u0026 4.0.1 which have installed and activated the Web API plugin. Users of Smartstore 4.0.0 and 4.0.1 must merge their repository with 4.0.x or overwrite the file SmartStore.Web.Framework in the */bin* directory of the deployed shop with this file. As a workaround without updating uninstall the Web API plugin to close this vulnerability."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287: Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/smartstore/SmartStoreNET/security/advisories/GHSA-8g9m-jx26-qp4h",
"refsource": "CONFIRM",
"url": "https://github.com/smartstore/SmartStoreNET/security/advisories/GHSA-8g9m-jx26-qp4h"
}
]
},
"source": {
"advisory": "GHSA-8g9m-jx26-qp4h",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-15243",
"datePublished": "2020-10-08T22:40:12.000Z",
"dateReserved": "2020-06-25T00:00:00.000Z",
"dateUpdated": "2024-08-04T13:08:23.167Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15269 (GCVE-0-2020-15269)
Vulnerability from cvelistv5 – Published: 2020-10-20 20:15 – Updated: 2024-08-04 13:15
VLAI
Title
Expired token reuse in Spree
Summary
In Spree before versions 3.7.11, 4.0.4, or 4.1.11, expired user tokens could be used to access Storefront API v2 endpoints. The issue is patched in versions 3.7.11, 4.0.4 and 4.1.11. A workaround without upgrading is described in the linked advisory.
Severity
7.4 (High)
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/spree/spree/security/advisorie… | x_refsource_CONFIRM |
| https://github.com/spree/spree/commit/e43643abfe5… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:15:18.944Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/spree/spree/security/advisories/GHSA-f8cm-364f-q9qh"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/spree/spree/commit/e43643abfe51f54bd9208dd02298b366e9b9a847"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "spree",
"vendor": "spree",
"versions": [
{
"status": "affected",
"version": "\u003c 3.7.11"
},
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.0.4"
},
{
"status": "affected",
"version": "\u003e= 4.1.0, \u003c 4.1.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Spree before versions 3.7.11, 4.0.4, or 4.1.11, expired user tokens could be used to access Storefront API v2 endpoints. The issue is patched in versions 3.7.11, 4.0.4 and 4.1.11. A workaround without upgrading is described in the linked advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "{\"CWE-287\":\"Improper Authentication\"}",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "{\"CWE-613\":\"Insufficient Session Expiration\"}",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-20T20:15:14.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/spree/spree/security/advisories/GHSA-f8cm-364f-q9qh"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/spree/spree/commit/e43643abfe51f54bd9208dd02298b366e9b9a847"
}
],
"source": {
"advisory": "GHSA-f8cm-364f-q9qh",
"discovery": "UNKNOWN"
},
"title": "Expired token reuse in Spree",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-15269",
"STATE": "PUBLIC",
"TITLE": "Expired token reuse in Spree"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "spree",
"version": {
"version_data": [
{
"version_value": "\u003c 3.7.11"
},
{
"version_value": "\u003e= 4.0.0, \u003c 4.0.4"
},
{
"version_value": "\u003e= 4.1.0, \u003c 4.1.11"
}
]
}
}
]
},
"vendor_name": "spree"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Spree before versions 3.7.11, 4.0.4, or 4.1.11, expired user tokens could be used to access Storefront API v2 endpoints. The issue is patched in versions 3.7.11, 4.0.4 and 4.1.11. A workaround without upgrading is described in the linked advisory."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "{\"CWE-287\":\"Improper Authentication\"}"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "{\"CWE-613\":\"Insufficient Session Expiration\"}"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/spree/spree/security/advisories/GHSA-f8cm-364f-q9qh",
"refsource": "CONFIRM",
"url": "https://github.com/spree/spree/security/advisories/GHSA-f8cm-364f-q9qh"
},
{
"name": "https://github.com/spree/spree/commit/e43643abfe51f54bd9208dd02298b366e9b9a847",
"refsource": "MISC",
"url": "https://github.com/spree/spree/commit/e43643abfe51f54bd9208dd02298b366e9b9a847"
}
]
},
"source": {
"advisory": "GHSA-f8cm-364f-q9qh",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-15269",
"datePublished": "2020-10-20T20:15:14.000Z",
"dateReserved": "2020-06-25T00:00:00.000Z",
"dateUpdated": "2024-08-04T13:15:18.944Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-16098 (GCVE-0-2020-16098)
Vulnerability from cvelistv5 – Published: 2020-09-15 13:22 – Updated: 2024-08-04 13:37
VLAI
Summary
It is possible to enumerate access card credentials via an unauthenticated network connection to the server in versions of Command Centre v8.20 prior to v8.20.1166(MR3), versions of 8.10 prior to v8.10.1211(MR5), versions of 8.00 prior to v8.00.1228(MR6), all versions of 7.90 and earlier. These credentials can then be used to encode low security cards to be used by the system where insecure card technologies are supported.
Severity
9.8 (Critical)
CWE
- CWE-287 - Improper Authentication
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://security.gallagher.com/Security-Advisorie… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Gallagher | Command Centre |
Affected:
unspecified , ≤ 7.90
(custom)
Affected: 8.20 , < 8.20.1166(MR3) (custom) Affected: 8.10 , < 8.10.1211(MR5) (custom) Affected: 8.00 , < 8.00.1228(MR6) (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:37:53.575Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.gallagher.com/Security-Advisories/CVE-2020-16098"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Command Centre",
"vendor": "Gallagher",
"versions": [
{
"lessThanOrEqual": "7.90",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "8.20.1166(MR3)",
"status": "affected",
"version": "8.20",
"versionType": "custom"
},
{
"lessThan": "8.10.1211(MR5)",
"status": "affected",
"version": "8.10",
"versionType": "custom"
},
{
"lessThan": "8.00.1228(MR6)",
"status": "affected",
"version": "8.00",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "It is possible to enumerate access card credentials via an unauthenticated network connection to the server in versions of Command Centre v8.20 prior to v8.20.1166(MR3), versions of 8.10 prior to v8.10.1211(MR5), versions of 8.00 prior to v8.00.1228(MR6), all versions of 7.90 and earlier. These credentials can then be used to encode low security cards to be used by the system where insecure card technologies are supported."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-15T13:22:55.000Z",
"orgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"shortName": "Gallagher"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.gallagher.com/Security-Advisories/CVE-2020-16098"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "disclosures@gallagher.com",
"ID": "CVE-2020-16098",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Command Centre",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "8.20",
"version_value": "8.20.1166(MR3)"
},
{
"version_affected": "\u003c",
"version_name": "8.10",
"version_value": "8.10.1211(MR5)"
},
{
"version_affected": "\u003c",
"version_name": "8.00",
"version_value": "8.00.1228(MR6)"
},
{
"version_affected": "\u003c=",
"version_value": "7.90"
}
]
}
}
]
},
"vendor_name": "Gallagher"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It is possible to enumerate access card credentials via an unauthenticated network connection to the server in versions of Command Centre v8.20 prior to v8.20.1166(MR3), versions of 8.10 prior to v8.10.1211(MR5), versions of 8.00 prior to v8.00.1228(MR6), all versions of 7.90 and earlier. These credentials can then be used to encode low security cards to be used by the system where insecure card technologies are supported."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.gallagher.com/Security-Advisories/CVE-2020-16098",
"refsource": "MISC",
"url": "https://security.gallagher.com/Security-Advisories/CVE-2020-16098"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "0c426f27-3ee1-4eff-be88-288d5a1822bc",
"assignerShortName": "Gallagher",
"cveId": "CVE-2020-16098",
"datePublished": "2020-09-15T13:22:55.000Z",
"dateReserved": "2020-07-28T00:00:00.000Z",
"dateUpdated": "2024-08-04T13:37:53.575Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phase: Architecture and Design
Strategy: Libraries or Frameworks
Description:
- Use an authentication framework or library such as the OWASP ESAPI Authentication feature.
CAPEC-114: Authentication Abuse
An attacker obtains unauthorized access to an application, service or device either through knowledge of the inherent weaknesses of an authentication mechanism, or by exploiting a flaw in the authentication scheme's implementation. In such an attack an authentication mechanism is functioning but a carefully controlled sequence of events causes the mechanism to grant access to the attacker.
CAPEC-115: Authentication Bypass
An attacker gains access to application, service, or device with the privileges of an authorized or privileged user by evading or circumventing an authentication mechanism. The attacker is therefore able to access protected data without authentication ever having taken place.
CAPEC-151: Identity Spoofing
Identity Spoofing refers to the action of assuming (i.e., taking on) the identity of some other entity (human or non-human) and then using that identity to accomplish a goal. An adversary may craft messages that appear to come from a different principle or use stolen / spoofed authentication credentials.
CAPEC-194: Fake the Source of Data
An adversary takes advantage of improper authentication to provide data or services under a falsified identity. The purpose of using the falsified identity may be to prevent traceability of the provided data or to assume the rights granted to another individual. One of the simplest forms of this attack would be the creation of an email message with a modified "From" field in order to appear that the message was sent from someone other than the actual sender. The root of the attack (in this case the email system) fails to properly authenticate the source and this results in the reader incorrectly performing the instructed action. Results of the attack vary depending on the details of the attack, but common results include privilege escalation, obfuscation of other attacks, and data corruption/manipulation.
CAPEC-22: Exploiting Trust in Client
An attack of this type exploits vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by communicating directly with the server where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
CAPEC-57: Utilizing REST's Trust in the System Resource to Obtain Sensitive Data
This attack utilizes a REST(REpresentational State Transfer)-style applications' trust in the system resources and environment to obtain sensitive data once SSL is terminated.
CAPEC-593: Session Hijacking
This type of attack involves an adversary that exploits weaknesses in an application's use of sessions in performing authentication. The adversary is able to steal or manipulate an active session and use it to gain unathorized access to the application.
CAPEC-633: Token Impersonation
An adversary exploits a weakness in authentication to create an access token (or equivalent) that impersonates a different entity, and then associates a process/thread to that that impersonated token. This action causes a downstream user to make a decision or take action that is based on the assumed identity, and not the response that blocks the adversary.
CAPEC-650: Upload a Web Shell to a Web Server
By exploiting insufficient permissions, it is possible to upload a web shell to a web server in such a way that it can be executed remotely. This shell can have various capabilities, thereby acting as a "gateway" to the underlying web server. The shell might execute at the higher permission level of the web server, providing the ability the execute malicious code at elevated levels.
CAPEC-94: Adversary in the Middle (AiTM)
An adversary targets the communication between two components (typically client and server), in order to alter or obtain data from transactions. A general approach entails the adversary placing themself within the communication channel between the two components.