CWE-1385

Missing Origin Validation in WebSockets

The product uses a WebSocket, but it does not properly verify that the source of data or communication is valid.

CVE-2014-125071 (GCVE-0-2014-125071)
Vulnerability from cvelistv5
Published
2023-01-09 20:45
Modified
2024-11-25 16:38
CWE
  • CWE-1385 - Missing Origin Validation in WebSockets
Summary
A vulnerability was found in lukehutch Gribbit. It has been classified as problematic. Affected is the function messageReceived of the file src/gribbit/request/HttpRequestHandler.java. The manipulation leads to missing origin validation in websockets. The name of the patch is 620418df247aebda3dd4be1dda10fe229ea505dd. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217716.
References
Impacted products
Vendor Product Version
lukehutch Gribbit Version: n/a
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T14:10:56.622Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.217716"
          },
          {
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.217716"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/lukehutch/gribbit/commit/620418df247aebda3dd4be1dda10fe229ea505dd"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2014-125071",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-25T16:38:28.333451Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-25T16:38:47.939Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Gribbit",
          "vendor": "lukehutch",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "tool",
          "value": "VulDB GitHub Commit Analyzer"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in lukehutch Gribbit. It has been classified as problematic. Affected is the function messageReceived of the file src/gribbit/request/HttpRequestHandler.java. The manipulation leads to missing origin validation in websockets. The name of the patch is 620418df247aebda3dd4be1dda10fe229ea505dd. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217716."
        },
        {
          "lang": "de",
          "value": "Es wurde eine problematische Schwachstelle in lukehutch Gribbit ausgemacht. Hiervon betroffen ist die Funktion messageReceived der Datei src/gribbit/request/HttpRequestHandler.java. Durch Manipulation mit unbekannten Daten kann eine missing origin validation in websockets-Schwachstelle ausgenutzt werden. Der Patch wird als 620418df247aebda3dd4be1dda10fe229ea505dd bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 5.2,
            "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1385",
              "description": "CWE-1385 Missing Origin Validation in WebSockets",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-20T06:39:51.989Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.217716"
        },
        {
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.217716"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/lukehutch/gribbit/commit/620418df247aebda3dd4be1dda10fe229ea505dd"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-01-09T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2023-01-09T00:00:00.000Z",
          "value": "CVE reserved"
        },
        {
          "lang": "en",
          "time": "2023-01-09T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2023-01-30T15:34:58.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "lukehutch Gribbit HttpRequestHandler.java messageReceived missing origin validation in websockets"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2014-125071",
    "datePublished": "2023-01-09T20:45:48.967Z",
    "dateReserved": "2023-01-09T20:45:30.204Z",
    "dateUpdated": "2024-11-25T16:38:47.939Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-2886 (GCVE-0-2023-2886)
Vulnerability from cvelistv5
Published
2023-05-25 08:31
Modified
2025-01-15 21:11
CWE
  • CWE-1385 - Missing Origin Validation in WebSockets
Summary
Missing Origin Validation in WebSockets vulnerability in CBOT Chatbot allows Content Spoofing Via Application API Manipulation.This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.
References
Impacted products
Vendor Product Version
CBOT Chatbot Version: 0   < Core: v4.0.3.4 Panel: v4.0.3.7
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T06:41:03.190Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "government-resource",
              "x_transferred"
            ],
            "url": "https://www.usom.gov.tr/bildirim/tr-23-0293"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-2886",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-15T21:11:13.681779Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-15T21:11:30.965Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Chatbot",
          "vendor": "CBOT",
          "versions": [
            {
              "lessThan": "Core: v4.0.3.4 Panel: v4.0.3.7",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Koray Seyfullah DANISMA"
        }
      ],
      "datePublic": "2023-05-25T08:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Missing Origin Validation in WebSockets vulnerability in CBOT Chatbot allows Content Spoofing Via Application API Manipulation.\u003cp\u003eThis issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.\u003c/p\u003e"
            }
          ],
          "value": "Missing Origin Validation in WebSockets vulnerability in CBOT Chatbot allows Content Spoofing Via Application API Manipulation.This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-389",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-389 Content Spoofing Via Application API Manipulation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1385",
              "description": "CWE-1385 Missing Origin Validation in WebSockets",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-18T07:37:07.056Z",
        "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
        "shortName": "TR-CERT"
      },
      "references": [
        {
          "tags": [
            "government-resource"
          ],
          "url": "https://www.usom.gov.tr/bildirim/tr-23-0293"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update the\u0026nbsp;Core to \u0026gt;= v4.0.3.4 and the Panel to \u0026gt;= v4.0.3.7 ."
            }
          ],
          "value": "Update the\u00a0Core to \u003e= v4.0.3.4 and the Panel to \u003e= v4.0.3.7 ."
        }
      ],
      "source": {
        "advisory": "TR-23-0293",
        "defect": [
          "TR-23-0293"
        ],
        "discovery": "USER"
      },
      "title": "Cross-Site WebSocket Hijacking in CBOT\u0027s Chatbot",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
    "assignerShortName": "TR-CERT",
    "cveId": "CVE-2023-2886",
    "datePublished": "2023-05-25T08:31:24.499Z",
    "dateReserved": "2023-05-25T08:03:31.837Z",
    "dateUpdated": "2025-01-15T21:11:30.965Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-30856 (GCVE-0-2023-30856)
Vulnerability from cvelistv5
Published
2023-04-28 15:54
Modified
2025-01-30 16:52
CWE
  • CWE-1385 - Missing Origin Validation in WebSockets
  • CWE-346 - Origin Validation Error
Summary
eDEX-UI is a science fiction terminal emulator. Versions 2.2.8 and prior are vulnerable to cross-site websocket hijacking. When running eDEX-UI and browsing the web, a malicious website can connect to eDEX's internal terminal control websocket, and send arbitrary commands to the shell. The project has been archived since 2021, and as of time of publication there are no plans to patch this issue and release a new version. Some workarounds are available, including shutting down eDEX-UI when browsing the web and ensuring the eDEX terminal runs with lowest possible privileges.
Impacted products
Vendor Product Version
GitSquared edex-ui Version: <= 2.2.8
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T14:37:15.472Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/GitSquared/edex-ui/security/advisories/GHSA-q8xc-f2wf-ffh9",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/GitSquared/edex-ui/security/advisories/GHSA-q8xc-f2wf-ffh9"
          },
          {
            "name": "https://christian-schneider.net/CrossSiteWebSocketHijacking.html",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://christian-schneider.net/CrossSiteWebSocketHijacking.html"
          },
          {
            "name": "https://github.com/GitSquared/edex-ui/blob/04a00c4079908788b371c6ecdefff96d0d9950f8/src/classes/terminal.class.js#L458",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/GitSquared/edex-ui/blob/04a00c4079908788b371c6ecdefff96d0d9950f8/src/classes/terminal.class.js#L458"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-30856",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-30T16:52:19.893406Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-30T16:52:24.144Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "edex-ui",
          "vendor": "GitSquared",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c= 2.2.8"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "eDEX-UI is a science fiction terminal emulator. Versions 2.2.8 and prior are vulnerable to cross-site websocket hijacking. When running eDEX-UI and browsing the web, a malicious website can connect to eDEX\u0027s internal terminal control websocket, and send arbitrary commands to the shell. The project has been archived since 2021, and as of time of publication there are no plans to patch this issue and release a new version. Some workarounds are available, including shutting down eDEX-UI when browsing the web and ensuring the eDEX terminal runs with lowest possible privileges."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1385",
              "description": "CWE-1385: Missing Origin Validation in WebSockets",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-346",
              "description": "CWE-346: Origin Validation Error",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-28T15:54:54.891Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/GitSquared/edex-ui/security/advisories/GHSA-q8xc-f2wf-ffh9",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/GitSquared/edex-ui/security/advisories/GHSA-q8xc-f2wf-ffh9"
        },
        {
          "name": "https://christian-schneider.net/CrossSiteWebSocketHijacking.html",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://christian-schneider.net/CrossSiteWebSocketHijacking.html"
        },
        {
          "name": "https://github.com/GitSquared/edex-ui/blob/04a00c4079908788b371c6ecdefff96d0d9950f8/src/classes/terminal.class.js#L458",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/GitSquared/edex-ui/blob/04a00c4079908788b371c6ecdefff96d0d9950f8/src/classes/terminal.class.js#L458"
        }
      ],
      "source": {
        "advisory": "GHSA-q8xc-f2wf-ffh9",
        "discovery": "UNKNOWN"
      },
      "title": "eDEX-UI cross-site websocket hijacking vulnerability enables remote command execution"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-30856",
    "datePublished": "2023-04-28T15:54:54.891Z",
    "dateReserved": "2023-04-18T16:13:15.882Z",
    "dateUpdated": "2025-01-30T16:52:24.144Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-32264 (GCVE-0-2023-32264)
Vulnerability from cvelistv5
Published
2024-03-08 20:48
Modified
2024-08-12 20:05
CWE
  • CWE-1385 - Missing Origin Validation in WebSockets
Summary
CWE-1385 vulnerability in OpenText Documentum D2 affecting versions16.5.1 to CE 23.2. The vulnerability could allow upload arbitrary code and execute it on the client's computer.
Impacted products
Vendor Product Version
OpenText Documentum D2 Version: 16.5.1   <
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T15:10:24.253Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.opentext.com/csm?id=kb_article_view\u0026sysparm_article=KB0799355"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:emc:documentum_d2:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "documentum_d2",
            "vendor": "emc",
            "versions": [
              {
                "lessThanOrEqual": "ce_23.2",
                "status": "affected",
                "version": "16.5.1",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-32264",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-12T18:17:22.781655Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-12T20:05:05.527Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Documentum D2",
          "vendor": "OpenText",
          "versions": [
            {
              "lessThanOrEqual": "CE 23.2 ",
              "status": "affected",
              "version": "16.5.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cbr\u003eCWE-1385 vulnerability in OpenText Documentum D2 affecting versions16.5.1 to CE 23.2. The vulnerability\u0026nbsp;could allow upload arbitrary code and execute it on the client\u0027s computer.\n\n\u003cbr\u003e"
            }
          ],
          "value": "CWE-1385 vulnerability in OpenText Documentum D2 affecting versions16.5.1 to CE 23.2. The vulnerability\u00a0could allow upload arbitrary code and execute it on the client\u0027s computer.\n\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-23",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-23 File Content Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1385",
              "description": "CWE-1385: Missing Origin Validation in WebSockets",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-08T20:48:07.941Z",
        "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "shortName": "OpenText"
      },
      "references": [
        {
          "url": "https://support.opentext.com/csm?id=kb_article_view\u0026sysparm_article=KB0799355"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cu\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.opentext.com/csm?id=kb_article_view\u0026amp;sysparm_article=KB0799355\"\u003ehttps://support.opentext.com/csm?id=kb_article_view\u0026amp;sysparm_article=KB0799355\u003c/a\u003e\u003c/u\u003e\n\n\n\n\u003cbr\u003e"
            }
          ],
          "value": " https://support.opentext.com/csm?id=kb_article_view\u0026sysparm_article=KB0799355 https://support.opentext.com/csm \n\n\n\n\n"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
    "assignerShortName": "OpenText",
    "cveId": "CVE-2023-32264",
    "datePublished": "2024-03-08T20:48:07.941Z",
    "dateReserved": "2023-05-05T14:42:20.153Z",
    "dateUpdated": "2024-08-12T20:05:05.527Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-49805 (GCVE-0-2023-49805)
Vulnerability from cvelistv5
Published
2023-12-11 22:37
Modified
2024-08-02 22:01
CWE
  • CWE-1385 - Missing Origin Validation in WebSockets
Summary
Uptime Kuma is an easy-to-use self-hosted monitoring tool. Prior to version 1.23.9, the application uses WebSocket (with Socket.io), but it does not verify that the source of communication is valid. This allows third-party website to access the application on behalf of their client. When connecting to the server using Socket.IO, the server does not validate the `Origin` header leading to other site being able to open connections to the server and communicate with it. Other websites still need to authenticate to access most features, however this can be used to circumvent firewall protections made in place by people deploying the application. Without origin validation, Javascript executed from another origin would be allowed to connect to the application without any user interaction. Without login credentials, such a connection is unable to access protected endpoints containing sensitive data of the application. However, such a connection may allow attacker to further exploit unseen vulnerabilities of the application. Users with "No-auth" mode configured who are relying on a reverse proxy or firewall to provide protection to the application would be especially vulnerable as it would grant the attacker full access to the application. In version 1.23.9, additional verification of the HTTP Origin header has been added to the socket.io connection handler. By default, if the `Origin` header is present, it would be checked against the Host header. Connection would be denied if the hostnames do not match, which would indicate that the request is cross-origin. Connection would be allowed if the `Origin` header is not present. Users can override this behavior by setting environment variable `UPTIME_KUMA_WS_ORIGIN_CHECK=bypass`.
Impacted products
Vendor Product Version
louislam uptime-kuma Version: < 1.23.9
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T22:01:26.032Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/louislam/uptime-kuma/security/advisories/GHSA-mj22-23ff-2hrr",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/louislam/uptime-kuma/security/advisories/GHSA-mj22-23ff-2hrr"
          },
          {
            "name": "https://github.com/louislam/uptime-kuma/commit/2815cc73cfd9d8ced889e00e72899708220d184f",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/louislam/uptime-kuma/commit/2815cc73cfd9d8ced889e00e72899708220d184f"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "uptime-kuma",
          "vendor": "louislam",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c  1.23.9"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Uptime Kuma is an easy-to-use self-hosted monitoring tool. Prior to version 1.23.9, the application uses WebSocket (with Socket.io), but it does not verify that the source of communication is valid. This allows third-party website to access the application on behalf of their client. When connecting to the server using Socket.IO, the server does not validate the `Origin` header leading to other site being able to open connections to the server and communicate with it. Other websites still need to authenticate to access most features, however this can be used to circumvent firewall protections made in place by people deploying the application.\n\nWithout origin validation, Javascript executed from another origin would be allowed to connect to the application without any user interaction. Without login credentials, such a connection is unable to access protected endpoints containing sensitive data of the application. However, such a connection may allow attacker to further exploit unseen vulnerabilities of the application. Users with \"No-auth\" mode configured who are relying on a reverse proxy or firewall to provide protection to the application would be especially vulnerable as it would grant the attacker full access to the application.\n\nIn version 1.23.9, additional verification of the HTTP Origin header has been added to the socket.io connection handler. By default, if the `Origin` header is present, it would be checked against the Host header. Connection would be denied if the hostnames do not match, which would indicate that the request is cross-origin. Connection would be allowed if the `Origin` header is not present. Users can override this behavior by setting environment variable `UPTIME_KUMA_WS_ORIGIN_CHECK=bypass`."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1385",
              "description": "CWE-1385: Missing Origin Validation in WebSockets",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-11T22:37:04.802Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/louislam/uptime-kuma/security/advisories/GHSA-mj22-23ff-2hrr",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/louislam/uptime-kuma/security/advisories/GHSA-mj22-23ff-2hrr"
        },
        {
          "name": "https://github.com/louislam/uptime-kuma/commit/2815cc73cfd9d8ced889e00e72899708220d184f",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/louislam/uptime-kuma/commit/2815cc73cfd9d8ced889e00e72899708220d184f"
        }
      ],
      "source": {
        "advisory": "GHSA-mj22-23ff-2hrr",
        "discovery": "UNKNOWN"
      },
      "title": "Uptime Kuma Missing Origin Validation in WebSockets"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-49805",
    "datePublished": "2023-12-11T22:37:04.802Z",
    "dateReserved": "2023-11-30T13:39:50.865Z",
    "dateUpdated": "2024-08-02T22:01:26.032Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-1657 (GCVE-0-2024-1657)
Vulnerability from cvelistv5
Published
2024-04-25 16:28
Modified
2024-11-24 12:57
CWE
  • CWE-1385 - Missing Origin Validation in WebSockets
Summary
A flaw was found in the ansible automation platform. An insecure WebSocket connection was being used in installation from the Ansible rulebook EDA server. An attacker that has access to any machine in the CIDR block could download all rulebook data from the WebSocket, resulting in loss of confidentiality and integrity of the system.
References
https://access.redhat.com/errata/RHSA-2024:1057 vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-1657 vdb-entry, x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2265085 issue-tracking, x_refsource_REDHAT
Impacted products
Vendor Product Version
Version: 0   
Create a notification for this product.
   Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 8 Unaffected: 0:2.4-6.el8ap   < *
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
    cpe:/a:redhat:ansible_automation_platform:2.4::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
    cpe:/a:redhat:ansible_automation_platform:2.4::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
Create a notification for this product.
   Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 8 Unaffected: 0:1.0.5-1.el8ap   < *
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
    cpe:/a:redhat:ansible_automation_platform:2.4::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
    cpe:/a:redhat:ansible_automation_platform:2.4::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
Create a notification for this product.
   Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 8 Unaffected: 0:1.0.5-1.el8ap   < *
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
    cpe:/a:redhat:ansible_automation_platform:2.4::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
    cpe:/a:redhat:ansible_automation_platform:2.4::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
Create a notification for this product.
   Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 9 Unaffected: 0:2.4-6.el9ap   < *
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
    cpe:/a:redhat:ansible_automation_platform:2.4::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
    cpe:/a:redhat:ansible_automation_platform:2.4::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
Create a notification for this product.
   Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 9 Unaffected: 0:1.0.5-1.el9ap   < *
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
    cpe:/a:redhat:ansible_automation_platform:2.4::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
    cpe:/a:redhat:ansible_automation_platform:2.4::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
Create a notification for this product.
   Red Hat Red Hat Ansible Automation Platform 2.4 for RHEL 9 Unaffected: 0:1.0.5-1.el9ap   < *
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9
    cpe:/a:redhat:ansible_automation_platform:2.4::el9
    cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8
    cpe:/a:redhat:ansible_automation_platform:2.4::el8
    cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-1657",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-12T19:57:21.450537Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-12T19:57:40.768Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T18:48:21.570Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2024:1057",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1057"
          },
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2024-1657"
          },
          {
            "name": "RHBZ#2265085",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265085"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/ansible/ansible",
          "defaultStatus": "unaffected",
          "packageName": "ansible",
          "versions": [
            {
              "lessThan": "2.4",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-automation-platform-installer",
          "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.4-6.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-rulebook",
          "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.0.5-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "automation-eda-controller",
          "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.0.5-1.el8ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-automation-platform-installer",
          "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.4-6.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "ansible-rulebook",
          "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.0.5-1.el9ap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform:2.4::el9",
            "cpe:/a:redhat:ansible_automation_platform_inside:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform:2.4::el8",
            "cpe:/a:redhat:ansible_automation_platform_developer:2.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "automation-eda-controller",
          "product": "Red Hat Ansible Automation Platform 2.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.0.5-1.el9ap",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "datePublic": "2024-02-29T00:00:00+00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the ansible automation platform. An insecure WebSocket connection was being used in installation from the Ansible rulebook EDA server. An attacker that has access to any machine in the CIDR block could download all rulebook data from the WebSocket, resulting in loss of confidentiality and integrity of the system."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Important"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1385",
              "description": "Missing Origin Validation in WebSockets",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-24T12:57:05.283Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:1057",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1057"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-1657"
        },
        {
          "name": "RHBZ#2265085",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265085"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-02-20T00:00:00+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-02-29T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Platform: insecure websocket used when interacting with eda server",
      "x_redhatCweChain": "CWE-923-\u003eCWE-1385: Improper Restriction of Communication Channel to Intended Endpoints leads to Missing Origin Validation in WebSockets"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-1657",
    "datePublished": "2024-04-25T16:28:38.094Z",
    "dateReserved": "2024-02-20T09:47:30.627Z",
    "dateUpdated": "2024-11-24T12:57:05.283Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-48849 (GCVE-0-2024-48849)
Vulnerability from cvelistv5
Published
2025-01-29 18:23
Modified
2025-01-29 18:46
CWE
  • CWE-1385 - Missing Origin Validation in WebSockets
Summary
Missing Origin Validation in WebSockets vulnerability in FLXEON. Session management was not sufficient to prevent unauthorized HTTPS requests. This issue affects FLXEON: through <= 9.3.4.
Impacted products
Vendor Product Version
ABB FLXEON Version: 0   <
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-48849",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-29T18:46:23.373172Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-29T18:46:37.360Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "FLXEON",
          "vendor": "ABB",
          "versions": [
            {
              "lessThanOrEqual": "\u003c= 9.3.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "ABB likes to thank Gjoko Krstikj, Zero Science Lab, for reporting the vulnerabilities in responsible disclosure."
        }
      ],
      "datePublic": "2025-01-29T04:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Missing Origin Validation in WebSockets vulnerability in\u0026nbsp;FLXEON. Session management was not sufficient to prevent unauthorized HTTPS requests.\u0026nbsp;\u003cp\u003eThis issue affects FLXEON: through \u0026lt;= 9.3.4.\u003c/p\u003e"
            }
          ],
          "value": "Missing Origin Validation in WebSockets vulnerability in\u00a0FLXEON. Session management was not sufficient to prevent unauthorized HTTPS requests.\u00a0This issue affects FLXEON: through \u003c= 9.3.4."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.4,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1385",
              "description": "CWE-1385: Missing Origin Validation in WebSockets",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-29T18:23:59.435Z",
        "orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
        "shortName": "ABB"
      },
      "references": [
        {
          "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108470A5684\u0026LanguageCode=en\u0026DocumentPartId=PDF\u0026Action=Launch"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Authentication and Authorization Issues",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
    "assignerShortName": "ABB",
    "cveId": "CVE-2024-48849",
    "datePublished": "2025-01-29T18:23:59.435Z",
    "dateReserved": "2024-10-08T17:31:47.584Z",
    "dateUpdated": "2025-01-29T18:46:37.360Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-51775 (GCVE-0-2024-51775)
Vulnerability from cvelistv5
Published
2025-08-03 10:13
Modified
2025-08-05 15:24
Severity ?
CWE
  • CWE-1385 - Missing Origin Validation in WebSockets
Summary
Missing Origin Validation in WebSockets vulnerability in Apache Zeppelin. The attacker could access the Zeppelin server from another origin without any restriction, and get internal information about paragraphs.  This issue affects Apache Zeppelin: from 0.11.1 before 0.12.0. Users are recommended to upgrade to version 0.12.0, which fixes the issue.
References
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-51775",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-05T15:23:52.792934Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-05T15:24:11.780Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://repo.maven.apache.org/maven2",
          "defaultStatus": "unaffected",
          "packageName": "org.apache.zeppelin:zeppelin-shell",
          "product": "Apache Zeppelin",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThan": "0.12.0",
              "status": "affected",
              "version": "0.11.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Calum Hutton"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eMissing Origin Validation in WebSockets vulnerability in Apache Zeppelin.\u003c/p\u003eThe attacker could access the Zeppelin server from another origin without any restriction, and get internal information about paragraphs.\u0026nbsp;\u003cbr\u003e\u003cp\u003eThis issue affects Apache Zeppelin: from 0.11.1 before 0.12.0.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 0.12.0, which fixes the issue.\u003c/p\u003e"
            }
          ],
          "value": "Missing Origin Validation in WebSockets vulnerability in Apache Zeppelin.\n\nThe attacker could access the Zeppelin server from another origin without any restriction, and get internal information about paragraphs.\u00a0\nThis issue affects Apache Zeppelin: from 0.11.1 before 0.12.0.\n\nUsers are recommended to upgrade to version 0.12.0, which fixes the issue."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "moderate"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1385",
              "description": "CWE-1385 Missing Origin Validation in WebSockets",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-03T10:13:17.467Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/apache/zeppelin/pull/4823"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Apache Zeppelin: Command Injection via CSWSH",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2024-51775",
    "datePublished": "2025-08-03T10:13:17.467Z",
    "dateReserved": "2024-11-02T13:39:42.909Z",
    "dateUpdated": "2025-08-05T15:24:11.780Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-8201 (GCVE-0-2024-8201)
Vulnerability from cvelistv5
Published
2025-05-16 06:32
Modified
2025-05-16 15:32
CWE
  • CWE-1385 - Missing Origin Validation in WebSockets
Summary
Cross-Site WebSocket Hijacking vulnerability in Hitachi Ops Center Analyzer (RAID Agent component).This issue affects Hitachi Ops Center Analyzer: from 10.8.0-00 before 11.0.4-00; Hitachi Ops Center Analyzer: from 10.9.0-00 before 11.0.4-00.
Impacted products
Vendor Product Version
Hitachi Hitachi Ops Center Analyzer Version: 10.8.0-00   < 11.0.4-00
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8201",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-16T15:32:33.240487Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-16T15:32:48.874Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "RAID Agent"
          ],
          "platforms": [
            "Linux",
            "64 bit"
          ],
          "product": "Hitachi Ops Center Analyzer",
          "vendor": "Hitachi",
          "versions": [
            {
              "changes": [
                {
                  "at": "11.0.4-00",
                  "status": "unaffected"
                }
              ],
              "lessThan": "11.0.4-00",
              "status": "affected",
              "version": "10.8.0-00",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "modules": [
            "RAID Agent"
          ],
          "platforms": [
            "Windows"
          ],
          "product": "Hitachi Ops Center Analyzer",
          "vendor": "Hitachi",
          "versions": [
            {
              "changes": [
                {
                  "at": "11.0.4-00",
                  "status": "unaffected"
                }
              ],
              "lessThan": "11.0.4-00",
              "status": "affected",
              "version": "10.9.0-00",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Cross-Site WebSocket Hijacking\u0026nbsp;vulnerability in Hitachi Ops Center Analyzer (RAID Agent component).\u003cp\u003eThis issue affects Hitachi Ops Center Analyzer: from 10.8.0-00 before 11.0.4-00; Hitachi Ops Center Analyzer: from 10.9.0-00 before 11.0.4-00.\u003c/p\u003e"
            }
          ],
          "value": "Cross-Site WebSocket Hijacking\u00a0vulnerability in Hitachi Ops Center Analyzer (RAID Agent component).This issue affects Hitachi Ops Center Analyzer: from 10.8.0-00 before 11.0.4-00; Hitachi Ops Center Analyzer: from 10.9.0-00 before 11.0.4-00."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-22",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-22 Exploiting Trust in Client"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1385",
              "description": "CWE-1385 Missing Origin Validation in WebSockets",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-16T06:32:23.411Z",
        "orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
        "shortName": "Hitachi"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2025-116/index.html"
        }
      ],
      "source": {
        "advisory": "hitachi-sec-2025-116",
        "discovery": "UNKNOWN"
      },
      "title": "Cross-Site WebSocket Hijacking Vulnerability in Hitachi Ops Center Analyzer",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
    "assignerShortName": "Hitachi",
    "cveId": "CVE-2024-8201",
    "datePublished": "2025-05-16T06:32:23.411Z",
    "dateReserved": "2024-08-27T04:53:33.648Z",
    "dateUpdated": "2025-05-16T15:32:48.874Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-24010 (GCVE-0-2025-24010)
Vulnerability from cvelistv5
Published
2025-01-20 15:53
Modified
2025-01-21 14:52
CWE
  • CWE-346 - Origin Validation Error
  • CWE-350 - Reliance on Reverse DNS Resolution for a Security-Critical Action
  • CWE-1385 - Missing Origin Validation in WebSockets
Summary
Vite is a frontend tooling framework for javascript. Vite allowed any websites to send any requests to the development server and read the response due to default CORS settings and lack of validation on the Origin header for WebSocket connections. This vulnerability is fixed in 6.0.9, 5.4.12, and 4.5.6.
Impacted products
Vendor Product Version
vitejs vite Version: >= 6.0.0, < 6.0.9
Version: >= 5.0.0, < 5.4.12
Version: < 4.5.6
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-24010",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-21T14:52:46.258360Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-21T14:52:53.680Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "vite",
          "vendor": "vitejs",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 6.0.0, \u003c 6.0.9"
            },
            {
              "status": "affected",
              "version": "\u003e= 5.0.0, \u003c 5.4.12"
            },
            {
              "status": "affected",
              "version": "\u003c 4.5.6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vite is a frontend tooling framework for javascript. Vite allowed any websites to send any requests to the development server and read the response due to default CORS settings and lack of validation on the Origin header for WebSocket connections. This vulnerability is fixed in 6.0.9, 5.4.12, and 4.5.6."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-346",
              "description": "CWE-346: Origin Validation Error",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-350",
              "description": "CWE-350: Reliance on Reverse DNS Resolution for a Security-Critical Action",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-1385",
              "description": "CWE-1385: Missing Origin Validation in WebSockets",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-20T15:53:30.929Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/vitejs/vite/security/advisories/GHSA-vg6x-rcgg-rjx6",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/vitejs/vite/security/advisories/GHSA-vg6x-rcgg-rjx6"
        }
      ],
      "source": {
        "advisory": "GHSA-vg6x-rcgg-rjx6",
        "discovery": "UNKNOWN"
      },
      "title": "Vite allows any websites to send any requests to the development server and read the response"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-24010",
    "datePublished": "2025-01-20T15:53:30.929Z",
    "dateReserved": "2025-01-16T17:31:06.457Z",
    "dateUpdated": "2025-01-21T14:52:53.680Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation

Phase: Implementation

Description:

  • Enable CORS-like access restrictions by verifying the 'Origin' header during the WebSocket handshake.
Mitigation

Phase: Implementation

Description:

  • Use a randomized CSRF token to verify requests.
Mitigation

Phase: Implementation

Description:

  • Use TLS to securely communicate using 'wss' (WebSocket Secure) instead of 'ws'.
Mitigation

Phases: Architecture and Design, Implementation

Description:

  • Require user authentication prior to the WebSocket connection being established. For example, the WS library in Node has a 'verifyClient' function.
Mitigation

Phase: Implementation

Description:

  • Leverage rate limiting to prevent against DoS. Use of the leaky bucket algorithm can help with this.
Mitigation

Phase: Implementation

Description:

  • Use a library that provides restriction of the payload size. For example, WS library for Node includes 'maxPayloadoption' that can be set.
Mitigation

Phase: Implementation

Description:

  • Treat data/input as untrusted in both directions and apply the same data/input sanitization as XSS, SQLi, etc.

No CAPEC attack patterns related to this CWE.

Back to CWE stats page