GHSA-C7PC-PGF6-MFH5

Vulnerability from github – Published: 2022-11-10 21:46 – Updated: 2022-11-10 21:46
Summary
ezplatform-graphql GraphQL queries can expose password hashes
Details

Impact

Unauthenticated GraphQL queries for user accounts can expose password hashes of users that have created or modified content, typically but not necessarily limited to administrators and editors.

Patches

Resolving versions: Ibexa DXP v1.0.13, v2.3.12

Workarounds

Remove the "passwordHash" entry from "src/bundle/Resources/config/graphql/User.types.yaml" in the GraphQL package. If you prefer, also remove other properties such as hash type, email, and login.

References

This issue was reported to us by Philippe Tranca ("trancap") of the company Lexfo. We are very grateful for their research, and responsible disclosure to us of this critical vulnerability.

For more information

If you have any questions or comments about this advisory, please contact Support via your service portal.


{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "ezsystems/ezplatform-graphql"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.0.0-rc1"
            },
            {
              "fixed": "1.0.13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "ezsystems/ezplatform-graphql"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0-beta1"
            },
            {
              "fixed": "2.3.12"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-41876"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200",
      "CWE-922"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-11-10T21:46:14Z",
    "nvd_published_at": "2022-11-10T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "### Impact\nUnauthenticated GraphQL queries for user accounts can expose password hashes of users that have created or modified content, typically but not necessarily limited to administrators and editors.\n\n### Patches\n\nResolving versions: Ibexa DXP v1.0.13, v2.3.12\n\n### Workarounds\nRemove the \"passwordHash\" entry from \"src/bundle/Resources/config/graphql/User.types.yaml\" in the GraphQL package, and other properties like hash type, email, login if you prefer.\n\n### References\n\nThis issue was reported to us by Philippe Tranca (\"trancap\") of the company Lexfo. We are very grateful for their research, and responsible disclosure to us of this critical vulnerability. \n\n### For more information\nIf you have any questions or comments about this advisory, please contact Support via your service portal.",
  "id": "GHSA-c7pc-pgf6-mfh5",
  "modified": "2022-11-10T21:46:14Z",
  "published": "2022-11-10T21:46:14Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/ezsystems/ezplatform-graphql/security/advisories/GHSA-c7pc-pgf6-mfh5"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41876"
    },
    {
      "type": "WEB",
      "url": "https://developers.ibexa.co/security-advisories/ibexa-sa-2022-009-critical-vulnerabilities-in-graphql-role-assignment-ct-editing-and-drafts-tooltips"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/ezsystems/ezplatform-graphql"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "ezplatform-graphql GraphQL queries can expose password hashes"
}

