Vulnerability-Lookup

CNVD-2021-52413

Vulnerability from cnvd - Published: 2021-07-20

Title

Ratpack存在未明漏洞（CNVD-2021-52413）

Description

Ratpack是一款用于构建可扩展HTTP应用程序的Java库。 Ratpack 1.9.0之前版本存在安全漏洞，该漏洞源于客户端会话模块默认使用应用程序启动时间作为签名密钥，攻击者可利用该漏洞篡改会话数据中的cookie。

Severity

低

Patch Name

Ratpack存在未明漏洞（CNVD-2021-52413）的补丁

Patch Description

Ratpack是一款用于构建可扩展HTTP应用程序的Java库。 Ratpack 1.9.0之前版本存在安全漏洞，该漏洞源于客户端会话模块默认使用应用程序启动时间作为签名密钥，攻击者可利用该漏洞篡改会话数据中的cookie。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://github.com/ratpack/ratpack/security/advisories/GHSA-2cc5-23r7-vc4v

Reference

https://nvd.nist.gov/vuln/detail/CVE-2021-29480

Impacted products

Name
Ratpack Ratpack <1.9.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-29480"
    }
  },
  "description": "Ratpack\u662f\u4e00\u6b3e\u7528\u4e8e\u6784\u5efa\u53ef\u6269\u5c55HTTP\u5e94\u7528\u7a0b\u5e8f\u7684Java\u5e93\u3002\n\nRatpack 1.9.0\u4e4b\u524d\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5ba2\u6237\u7aef\u4f1a\u8bdd\u6a21\u5757\u9ed8\u8ba4\u4f7f\u7528\u5e94\u7528\u7a0b\u5e8f\u542f\u52a8\u65f6\u95f4\u4f5c\u4e3a\u7b7e\u540d\u5bc6\u94a5\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7be1\u6539\u4f1a\u8bdd\u6570\u636e\u4e2d\u7684cookie\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://github.com/ratpack/ratpack/security/advisories/GHSA-2cc5-23r7-vc4v",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-52413",
  "openTime": "2021-07-20",
  "patchDescription": "Ratpack\u662f\u4e00\u6b3e\u7528\u4e8e\u6784\u5efa\u53ef\u6269\u5c55HTTP\u5e94\u7528\u7a0b\u5e8f\u7684Java\u5e93\u3002\r\n\r\nRatpack 1.9.0\u4e4b\u524d\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5ba2\u6237\u7aef\u4f1a\u8bdd\u6a21\u5757\u9ed8\u8ba4\u4f7f\u7528\u5e94\u7528\u7a0b\u5e8f\u542f\u52a8\u65f6\u95f4\u4f5c\u4e3a\u7b7e\u540d\u5bc6\u94a5\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7be1\u6539\u4f1a\u8bdd\u6570\u636e\u4e2d\u7684cookie\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Ratpack\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff08CNVD-2021-52413\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Ratpack Ratpack \u003c1.9.0"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-29480",
  "serverity": "\u4f4e",
  "submitTime": "2021-07-01",
  "title": "Ratpack\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff08CNVD-2021-52413\uff09"
}

CVE-2021-29480 (GCVE-0-2021-29480)

Vulnerability from cvelistv5 – Published: 2021-06-29 18:15 – Updated: 2024-08-03 22:11

Title

Default client side session signing key is highly predictable

Summary

Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, the client side session module uses the application startup time as the signing key by default. This means that if an attacker can determine this time, and if encryption is not also used (which is recommended, but is not on by default), the session data could be tampered with by someone with the ability to write cookies. The default configuration is unsuitable for production use as an application restart renders all sessions invalid and is not multi-host compatible, but its use is not actively prevented. As of Ratpack 1.9.0, the default value is a securely randomly generated value, generated at application startup time. As a workaround, supply an alternative signing key, as per the documentation's recommendation.

Severity ?

4.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CWE

CWE-340 - Generation of Predictable Numbers or Identifiers

Assigner

GitHub_M

References

URL

Tags

	https://github.com/ratpack/ratpack/security/advis…	x_refsource_CONFIRM
	https://github.com/ratpack/ratpack/blob/29434f7ac…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	ratpack	ratpack	Affected: < 1.9.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T22:11:05.265Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/ratpack/ratpack/security/advisories/GHSA-2cc5-23r7-vc4v"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/ratpack/ratpack/blob/29434f7ac6fd4b36a4495429b70f4c8163100332/ratpack-session/src/main/java/ratpack/session/clientside/ClientSideSessionConfig.java#L29"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ratpack",
          "vendor": "ratpack",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.9.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, the client side session module uses the application startup time as the signing key by default. This means that if an attacker can determine this time, and if encryption is not also used (which is recommended, but is not on by default), the session data could be tampered with by someone with the ability to write cookies. The default configuration is unsuitable for production use as an application restart renders all sessions invalid and is not multi-host compatible, but its use is not actively prevented. As of Ratpack 1.9.0, the default value is a securely randomly generated value, generated at application startup time. As a workaround, supply an alternative signing key, as per the documentation\u0027s recommendation."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-340",
              "description": "CWE-340: Generation of Predictable Numbers or Identifiers",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-29T18:15:11",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/ratpack/ratpack/security/advisories/GHSA-2cc5-23r7-vc4v"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/ratpack/ratpack/blob/29434f7ac6fd4b36a4495429b70f4c8163100332/ratpack-session/src/main/java/ratpack/session/clientside/ClientSideSessionConfig.java#L29"
        }
      ],
      "source": {
        "advisory": "GHSA-2cc5-23r7-vc4v",
        "discovery": "UNKNOWN"
      },
      "title": "Default client side session signing key is highly predictable",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2021-29480",
          "STATE": "PUBLIC",
          "TITLE": "Default client side session signing key is highly predictable"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "ratpack",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 1.9.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ratpack"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Ratpack is a toolkit for creating web applications. In versions prior to 1.9.0, the client side session module uses the application startup time as the signing key by default. This means that if an attacker can determine this time, and if encryption is not also used (which is recommended, but is not on by default), the session data could be tampered with by someone with the ability to write cookies. The default configuration is unsuitable for production use as an application restart renders all sessions invalid and is not multi-host compatible, but its use is not actively prevented. As of Ratpack 1.9.0, the default value is a securely randomly generated value, generated at application startup time. As a workaround, supply an alternative signing key, as per the documentation\u0027s recommendation."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-340: Generation of Predictable Numbers or Identifiers"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/ratpack/ratpack/security/advisories/GHSA-2cc5-23r7-vc4v",
              "refsource": "CONFIRM",
              "url": "https://github.com/ratpack/ratpack/security/advisories/GHSA-2cc5-23r7-vc4v"
            },
            {
              "name": "https://github.com/ratpack/ratpack/blob/29434f7ac6fd4b36a4495429b70f4c8163100332/ratpack-session/src/main/java/ratpack/session/clientside/ClientSideSessionConfig.java#L29",
              "refsource": "MISC",
              "url": "https://github.com/ratpack/ratpack/blob/29434f7ac6fd4b36a4495429b70f4c8163100332/ratpack-session/src/main/java/ratpack/session/clientside/ClientSideSessionConfig.java#L29"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-2cc5-23r7-vc4v",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2021-29480",
    "datePublished": "2021-06-29T18:15:12",
    "dateReserved": "2021-03-30T00:00:00",
    "dateUpdated": "2024-08-03T22:11:05.265Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2021-52413

CVE-2021-29480 (GCVE-0-2021-29480)

Tags

Sightings

Nomenclature