GSD-2022-24721

Vulnerability from gsd - Updated: 2023-12-13 01:19
Details
CometD is a scalable comet implementation for web messaging. In any version prior to 5.0.11, 6.0.6, and 7.0.6, internal usage of Oort and Seti channels is improperly authorized, so any remote user could subscribe and publish to those channels. By subscribing to those channels, a remote user may be able to watch cluster-internal traffic that contains other users' (possibly sensitive) data. By publishing to those channels, a remote user may be able to create/modify/delete other user's data and modify the cluster structure. A fix is available in versions 5.0.11, 6.0.6, and 7.0.6. As a workaround, install a custom `SecurityPolicy` that forbids subscription and publishing to remote, non-Oort, sessions on Oort and Seti channels.
Aliases
Aliases
CVE-2022-24721
To clipboard 

{
  "GSD": {
    "alias": "CVE-2022-24721",
    "description": "CometD is a scalable comet implementation for web messaging. In any version prior to 5.0.11, 6.0.6, and 7.0.6, internal usage of Oort and Seti channels is improperly authorized, so any remote user could subscribe and publish to those channels. By subscribing to those channels, a remote user may be able to watch cluster-internal traffic that contains other users\u0027 (possibly sensitive) data. By publishing to those channels, a remote user may be able to create/modify/delete other user\u0027s data and modify the cluster structure. A fix is available in versions 5.0.11, 6.0.6, and 7.0.6. As a workaround, install a custom `SecurityPolicy` that forbids subscription and publishing to remote, non-Oort, sessions on Oort and Seti channels.",
    "id": "GSD-2022-24721"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-24721"
      ],
      "details": "CometD is a scalable comet implementation for web messaging. In any version prior to 5.0.11, 6.0.6, and 7.0.6, internal usage of Oort and Seti channels is improperly authorized, so any remote user could subscribe and publish to those channels. By subscribing to those channels, a remote user may be able to watch cluster-internal traffic that contains other users\u0027 (possibly sensitive) data. By publishing to those channels, a remote user may be able to create/modify/delete other user\u0027s data and modify the cluster structure. A fix is available in versions 5.0.11, 6.0.6, and 7.0.6. As a workaround, install a custom `SecurityPolicy` that forbids subscription and publishing to remote, non-Oort, sessions on Oort and Seti channels.",
      "id": "GSD-2022-24721",
      "modified": "2023-12-13T01:19:43.058326Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2022-24721",
        "STATE": "PUBLIC",
        "TITLE": "Incorrect Authorization in org.cometd.oort"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "cometd",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "\u003c 5.0.11"
                        },
                        {
                          "version_value": "\u003e= 6.0.0, \u003c 6.0.6"
                        },
                        {
                          "version_value": "\u003e= 7.0.0, \u003c 7.0.6"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "cometd"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "CometD is a scalable comet implementation for web messaging. In any version prior to 5.0.11, 6.0.6, and 7.0.6, internal usage of Oort and Seti channels is improperly authorized, so any remote user could subscribe and publish to those channels. By subscribing to those channels, a remote user may be able to watch cluster-internal traffic that contains other users\u0027 (possibly sensitive) data. By publishing to those channels, a remote user may be able to create/modify/delete other user\u0027s data and modify the cluster structure. A fix is available in versions 5.0.11, 6.0.6, and 7.0.6. As a workaround, install a custom `SecurityPolicy` that forbids subscription and publishing to remote, non-Oort, sessions on Oort and Seti channels."
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-863: Incorrect Authorization"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/cometd/cometd/security/advisories/GHSA-rjmq-6v55-4rjv",
            "refsource": "CONFIRM",
            "url": "https://github.com/cometd/cometd/security/advisories/GHSA-rjmq-6v55-4rjv"
          },
          {
            "name": "https://github.com/cometd/cometd/issues/1146",
            "refsource": "MISC",
            "url": "https://github.com/cometd/cometd/issues/1146"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-rjmq-6v55-4rjv",
        "discovery": "UNKNOWN"
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "(,5.0.11),[6.0.0,6.0.6),[7.0.0,7.0.6)",
          "affected_versions": "All versions before 5.0.11, all versions starting from 6.0.0 before 6.0.6, all versions starting from 7.0.0 before 7.0.6",
          "cwe_ids": [
            "CWE-1035",
            "CWE-863",
            "CWE-937"
          ],
          "date": "2022-03-18",
          "description": "CometD is a scalable comet implementation for web messaging. In any version prior to 5.0.11, 6.0.6, and 7.0.6, internal usage of Oort and Seti channels is improperly authorized, so any remote user could subscribe and publish to those channels. By subscribing to those channels, a remote user may be able to watch cluster-internal traffic that contains other users\u0027 (possibly sensitive) data. By publishing to those channels, a remote user may be able to create/modify/delete other user\u0027s data and modify the cluster structure. A fix is available in versions 5.0.11, 6.0.6, and 7.0.6. As a workaround, install a custom `SecurityPolicy` that forbids subscription and publishing to remote, non-Oort, sessions on Oort and Seti channels.",
          "fixed_versions": [
            "5.0.11",
            "6.0.6",
            "7.0.6"
          ],
          "identifier": "CVE-2022-24721",
          "identifiers": [
            "GHSA-rjmq-6v55-4rjv",
            "CVE-2022-24721"
          ],
          "not_impacted": "All versions starting from 5.0.11 before 6.0.0, all versions starting from 6.0.6 before 7.0.0, all versions starting from 7.0.6",
          "package_slug": "maven/org.cometd.java/cometd-java-oort",
          "pubdate": "2022-03-15",
          "solution": "Upgrade to versions 5.0.11, 6.0.6, 7.0.6 or above.",
          "title": "Incorrect Authorization",
          "urls": [
            "https://github.com/cometd/cometd/security/advisories/GHSA-rjmq-6v55-4rjv",
            "https://github.com/cometd/cometd/commit/bb445a143fbf320f17c62e340455cd74acfb5929",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-24721",
            "https://github.com/cometd/cometd/issues/1146",
            "https://github.com/advisories/GHSA-rjmq-6v55-4rjv"
          ],
          "uuid": "5231183b-3a1e-4411-a11e-c092a1efc914"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cometd:cometd:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.0.11",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cometd:cometd:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.0.6",
                "versionStartIncluding": "6.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cometd:cometd:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.0.6",
                "versionStartIncluding": "7.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2022-24721"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "CometD is a scalable comet implementation for web messaging. In any version prior to 5.0.11, 6.0.6, and 7.0.6, internal usage of Oort and Seti channels is improperly authorized, so any remote user could subscribe and publish to those channels. By subscribing to those channels, a remote user may be able to watch cluster-internal traffic that contains other users\u0027 (possibly sensitive) data. By publishing to those channels, a remote user may be able to create/modify/delete other user\u0027s data and modify the cluster structure. A fix is available in versions 5.0.11, 6.0.6, and 7.0.6. As a workaround, install a custom `SecurityPolicy` that forbids subscription and publishing to remote, non-Oort, sessions on Oort and Seti channels."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-863"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/cometd/cometd/issues/1146",
              "refsource": "MISC",
              "tags": [
                "Issue Tracking",
                "Third Party Advisory"
              ],
              "url": "https://github.com/cometd/cometd/issues/1146"
            },
            {
              "name": "https://github.com/cometd/cometd/security/advisories/GHSA-rjmq-6v55-4rjv",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://github.com/cometd/cometd/security/advisories/GHSA-rjmq-6v55-4rjv"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.2
        }
      },
      "lastModifiedDate": "2022-03-25T13:06Z",
      "publishedDate": "2022-03-15T14:15Z"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.