GSD-2020-15233
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
ORY Fosite is a security first OAuth2 & OpenID Connect framework for Go. In Fosite from version 0.30.2 and before version 0.34.1, there is an issue in which an an attacker can override the registered redirect URL by performing an OAuth flow and requesting a redirect URL that is to the loopback adapter. Attackers can provide both custom URL query parameters to their loopback redirect URL, as well as actually overriding the host of the registered redirect URL. These attacks are only applicable in scenarios where the attacker has access over the loopback interface. This vulnerability has been patched in ORY Fosite v0.34.1.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2020-15233",
"description": "ORY Fosite is a security first OAuth2 \u0026 OpenID Connect framework for Go. In Fosite from version 0.30.2 and before version 0.34.1, there is an issue in which an an attacker can override the registered redirect URL by performing an OAuth flow and requesting a redirect URL that is to the loopback adapter. Attackers can provide both custom URL query parameters to their loopback redirect URL, as well as actually overriding the host of the registered redirect URL. These attacks are only applicable in scenarios where the attacker has access over the loopback interface. This vulnerability has been patched in ORY Fosite v0.34.1.",
"id": "GSD-2020-15233"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2020-15233"
],
"details": "ORY Fosite is a security first OAuth2 \u0026 OpenID Connect framework for Go. In Fosite from version 0.30.2 and before version 0.34.1, there is an issue in which an an attacker can override the registered redirect URL by performing an OAuth flow and requesting a redirect URL that is to the loopback adapter. Attackers can provide both custom URL query parameters to their loopback redirect URL, as well as actually overriding the host of the registered redirect URL. These attacks are only applicable in scenarios where the attacker has access over the loopback interface. This vulnerability has been patched in ORY Fosite v0.34.1.",
"id": "GSD-2020-15233",
"modified": "2023-12-13T01:21:43.800107Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-15233",
"STATE": "PUBLIC",
"TITLE": "OAuth2 Redirect URL validity does not respect query parameters and character casing for loopback addresses"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "fosite",
"version": {
"version_data": [
{
"version_value": "\u003c 0.34.1"
}
]
}
}
]
},
"vendor_name": "ory"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ORY Fosite is a security first OAuth2 \u0026 OpenID Connect framework for Go. In Fosite from version 0.30.2 and before version 0.34.1, there is an issue in which an an attacker can override the registered redirect URL by performing an OAuth flow and requesting a redirect URL that is to the loopback adapter. Attackers can provide both custom URL query parameters to their loopback redirect URL, as well as actually overriding the host of the registered redirect URL. These attacks are only applicable in scenarios where the attacker has access over the loopback interface. This vulnerability has been patched in ORY Fosite v0.34.1."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "{\"CWE-20\":\"Improper Input Validation\"}"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "{\"CWE-601\":\"URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)\"}"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ory/fosite/commit/cdee51ebe721bfc8acca0fd0b86b030ca70867bf",
"refsource": "MISC",
"url": "https://github.com/ory/fosite/commit/cdee51ebe721bfc8acca0fd0b86b030ca70867bf"
},
{
"name": "https://github.com/ory/fosite/security/advisories/GHSA-rfq3-w54c-f9q5",
"refsource": "CONFIRM",
"url": "https://github.com/ory/fosite/security/advisories/GHSA-rfq3-w54c-f9q5"
}
]
},
"source": {
"advisory": "GHSA-rfq3-w54c-f9q5",
"discovery": "UNKNOWN"
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003e=v0.30.2 \u003cv0.34.1",
"affected_versions": "All versions starting from 0.30.2 before 0.34.1",
"cvss_v2": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-601",
"CWE-937"
],
"date": "2021-11-18",
"description": "ORY Fosite is a security first OAuth2 \u0026 OpenID Connect framework for Go. In Fosite, there is an issue in which an an attacker can override the registered redirect URL by performing an OAuth flow and requesting a redirect URL that is to the loopback adapter. Attackers can provide both custom URL query parameters to their loopback redirect URL and actually overriding the host of the registered redirect URL. These attacks are only applicable in scenarios where the attacker has access over the loopback interface.",
"fixed_versions": [
"v0.34.1"
],
"identifier": "CVE-2020-15233",
"identifiers": [
"CVE-2020-15233",
"GHSA-rfq3-w54c-f9q5"
],
"not_impacted": "All versions before 0.30.2, all versions starting from 0.34.1",
"package_slug": "go/github.com/ory/fosite",
"pubdate": "2020-10-02",
"solution": "Upgrade to version 0.34.1 or above.",
"title": "URL Redirection to Untrusted Site (Open Redirect)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2020-15233"
],
"uuid": "133104e3-98db-4c65-aeba-5491e8315d97",
"versions": [
{
"commit": {
"sha": "3ece795f3080db5de3529cea9bfa670e70704686",
"tags": [
"v0.30.2"
],
"timestamp": "20191121154944"
},
"number": "v0.30.2"
},
{
"commit": {
"sha": "cdee51ebe721bfc8acca0fd0b86b030ca70867bf",
"tags": [
"v0.34.1"
],
"timestamp": "20201002131549"
},
"number": "v0.34.1"
}
]
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ory:fosite:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "0.34.1",
"versionStartIncluding": "0.30.2",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-15233"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "ORY Fosite is a security first OAuth2 \u0026 OpenID Connect framework for Go. In Fosite from version 0.30.2 and before version 0.34.1, there is an issue in which an an attacker can override the registered redirect URL by performing an OAuth flow and requesting a redirect URL that is to the loopback adapter. Attackers can provide both custom URL query parameters to their loopback redirect URL, as well as actually overriding the host of the registered redirect URL. These attacks are only applicable in scenarios where the attacker has access over the loopback interface. This vulnerability has been patched in ORY Fosite v0.34.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ory/fosite/security/advisories/GHSA-rfq3-w54c-f9q5",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/ory/fosite/security/advisories/GHSA-rfq3-w54c-f9q5"
},
{
"name": "https://github.com/ory/fosite/commit/cdee51ebe721bfc8acca0fd0b86b030ca70867bf",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/ory/fosite/commit/cdee51ebe721bfc8acca0fd0b86b030ca70867bf"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
},
"lastModifiedDate": "2021-11-18T16:48Z",
"publishedDate": "2020-10-02T21:15Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…