CWE-290
Authentication Bypass by Spoofing
This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.
CVE-2017-14003 (GCVE-0-2017-14003)
Vulnerability from cvelistv5
Published
2017-10-11 19:00
Modified
2024-08-05 19:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
An Authentication Bypass by Spoofing issue was discovered in LAVA Ether-Serial Link (ESL) running firmware versions 6.01.00/29.03.2007 and prior versions. An improper authentication vulnerability has been identified, which, if exploited, would allow an attacker with the same IP address to bypass authentication by accessing a specific uniform resource locator.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | LAVA Computer MFG Inc. Ether-Serial Link |
Version: LAVA Computer MFG Inc. Ether-Serial Link |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:13:41.639Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-283-01"
},
{
"name": "101226",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101226"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "LAVA Computer MFG Inc. Ether-Serial Link",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "LAVA Computer MFG Inc. Ether-Serial Link"
}
]
}
],
"datePublic": "2017-10-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An Authentication Bypass by Spoofing issue was discovered in LAVA Ether-Serial Link (ESL) running firmware versions 6.01.00/29.03.2007 and prior versions. An improper authentication vulnerability has been identified, which, if exploited, would allow an attacker with the same IP address to bypass authentication by accessing a specific uniform resource locator."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-12T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-283-01"
},
{
"name": "101226",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101226"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-14003",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LAVA Computer MFG Inc. Ether-Serial Link",
"version": {
"version_data": [
{
"version_value": "LAVA Computer MFG Inc. Ether-Serial Link"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Authentication Bypass by Spoofing issue was discovered in LAVA Ether-Serial Link (ESL) running firmware versions 6.01.00/29.03.2007 and prior versions. An improper authentication vulnerability has been identified, which, if exploited, would allow an attacker with the same IP address to bypass authentication by accessing a specific uniform resource locator."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-290"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-283-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-283-01"
},
{
"name": "101226",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101226"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-14003",
"datePublished": "2017-10-11T19:00:00",
"dateReserved": "2017-08-30T00:00:00",
"dateUpdated": "2024-08-05T19:13:41.639Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-15715 (GCVE-0-2018-15715)
Vulnerability from cvelistv5
Published
2018-11-30 20:00
Modified
2024-09-16 21:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-290 - Authentication Bypass by Spoofing
Summary
Zoom clients on Windows (before version 4.1.34814.1119), Mac OS (before version 4.1.34801.1116), and Linux (2.4.129780.0915 and below) are vulnerable to unauthorized message processing. A remote unauthenticated attacker can spoof UDP messages from a meeting attendee or Zoom server in order to invoke functionality in the target client. This allows the attacker to remove attendees from meetings, spoof messages from users, or hijack shared screens.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:01:54.650Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2018-40"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Zoom",
"vendor": "Zoom",
"versions": [
{
"status": "affected",
"version": "Zoom on Windows before version 4.1.34814.1119, Zoom on Mac OS before version 4.1.34801.1116, Zoom on Linux version 2.4.129780.0915 and below."
}
]
}
],
"datePublic": "2018-11-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Zoom clients on Windows (before version 4.1.34814.1119), Mac OS (before version 4.1.34801.1116), and Linux (2.4.129780.0915 and below) are vulnerable to unauthorized message processing. A remote unauthenticated attacker can spoof UDP messages from a meeting attendee or Zoom server in order to invoke functionality in the target client. This allows the attacker to remove attendees from meetings, spoof messages from users, or hijack shared screens."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290 Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-30T19:57:01",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2018-40"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"DATE_PUBLIC": "2018-11-29T00:00:00",
"ID": "CVE-2018-15715",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Zoom",
"version": {
"version_data": [
{
"version_value": "Zoom on Windows before version 4.1.34814.1119, Zoom on Mac OS before version 4.1.34801.1116, Zoom on Linux version 2.4.129780.0915 and below."
}
]
}
}
]
},
"vendor_name": "Zoom"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zoom clients on Windows (before version 4.1.34814.1119), Mac OS (before version 4.1.34801.1116), and Linux (2.4.129780.0915 and below) are vulnerable to unauthorized message processing. A remote unauthenticated attacker can spoof UDP messages from a meeting attendee or Zoom server in order to invoke functionality in the target client. This allows the attacker to remove attendees from meetings, spoof messages from users, or hijack shared screens."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-290 Authentication Bypass by Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2018-40",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2018-40"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2018-15715",
"datePublished": "2018-11-30T20:00:00Z",
"dateReserved": "2018-08-22T00:00:00",
"dateUpdated": "2024-09-16T21:56:33.284Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-16766 (GCVE-0-2019-16766)
Vulnerability from cvelistv5
Published
2019-11-29 17:05
Modified
2024-08-05 01:24
Severity ?
VLAI Severity ?
EPSS score ?
Summary
When using wagtail-2fa before 1.3.0, if someone gains access to someone's Wagtail login credentials, they can log into the CMS and bypass the 2FA check by changing the URL. They can then add a new device and gain full access to the CMS. This problem has been patched in version 1.3.0.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Lab Digital | wagtail-2fa |
Version: < 1.3.0 < 1.3.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:24:47.232Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/LabD/wagtail-2fa/security/advisories/GHSA-89px-ww3j-g2mm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/labd/wagtail-2fa/commit/a6711b29711729005770ff481b22675b35ff5c81"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/labd/wagtail-2fa/commit/13b12995d35b566df08a17257a23863ab6efb0ca"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "wagtail-2fa",
"vendor": "Lab Digital",
"versions": [
{
"lessThan": "1.3.0",
"status": "affected",
"version": "\u003c 1.3.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "When using wagtail-2fa before 1.3.0, if someone gains access to someone\u0027s Wagtail login credentials, they can log into the CMS and bypass the 2FA check by changing the URL. They can then add a new device and gain full access to the CMS. This problem has been patched in version 1.3.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-304",
"description": "CWE-304 Missing Critical Step in Authentication",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290 Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-29T17:05:14",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/LabD/wagtail-2fa/security/advisories/GHSA-89px-ww3j-g2mm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/labd/wagtail-2fa/commit/a6711b29711729005770ff481b22675b35ff5c81"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/labd/wagtail-2fa/commit/13b12995d35b566df08a17257a23863ab6efb0ca"
}
],
"source": {
"advisory": "GHSA-89px-ww3j-g2mm",
"discovery": "UNKNOWN"
},
"title": "2FA bypass in Wagtail through new device path",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2019-16766",
"STATE": "PUBLIC",
"TITLE": "2FA bypass in Wagtail through new device path"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "wagtail-2fa",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "\u003c 1.3.0",
"version_value": "1.3.0"
}
]
}
}
]
},
"vendor_name": "Lab Digital"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When using wagtail-2fa before 1.3.0, if someone gains access to someone\u0027s Wagtail login credentials, they can log into the CMS and bypass the 2FA check by changing the URL. They can then add a new device and gain full access to the CMS. This problem has been patched in version 1.3.0."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-304 Missing Critical Step in Authentication"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-290 Authentication Bypass by Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/LabD/wagtail-2fa/security/advisories/GHSA-89px-ww3j-g2mm",
"refsource": "CONFIRM",
"url": "https://github.com/LabD/wagtail-2fa/security/advisories/GHSA-89px-ww3j-g2mm"
},
{
"name": "https://github.com/labd/wagtail-2fa/commit/a6711b29711729005770ff481b22675b35ff5c81",
"refsource": "MISC",
"url": "https://github.com/labd/wagtail-2fa/commit/a6711b29711729005770ff481b22675b35ff5c81"
},
{
"name": "https://github.com/labd/wagtail-2fa/commit/13b12995d35b566df08a17257a23863ab6efb0ca",
"refsource": "MISC",
"url": "https://github.com/labd/wagtail-2fa/commit/13b12995d35b566df08a17257a23863ab6efb0ca"
}
]
},
"source": {
"advisory": "GHSA-89px-ww3j-g2mm",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2019-16766",
"datePublished": "2019-11-29T17:05:14",
"dateReserved": "2019-09-24T00:00:00",
"dateUpdated": "2024-08-05T01:24:47.232Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18259 (GCVE-0-2019-18259)
Vulnerability from cvelistv5
Published
2019-12-16 19:19
Modified
2024-08-05 01:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-290 - AUTHENTICATION BYPASS BY SPOOFING
Summary
In Omron PLC CJ series, all versions and Omron PLC CS series, all versions, an attacker could spoof arbitrary messages or execute commands.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Omron PLC CJ and CS Series |
Version: Omron PLC CJ series, all versions, Omron PLC CS series, all versions |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:47:14.082Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-346-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Omron PLC CJ and CS Series",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Omron PLC CJ series, all versions, Omron PLC CS series, all versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Omron PLC CJ series, all versions and Omron PLC CS series, all versions, an attacker could spoof arbitrary messages or execute commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "AUTHENTICATION BYPASS BY SPOOFING CWE-290",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-16T19:19:04",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-346-02"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2019-18259",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Omron PLC CJ and CS Series",
"version": {
"version_data": [
{
"version_value": "Omron PLC CJ series, all versions, Omron PLC CS series, all versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Omron PLC CJ series, all versions and Omron PLC CS series, all versions, an attacker could spoof arbitrary messages or execute commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "AUTHENTICATION BYPASS BY SPOOFING CWE-290"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-346-02",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-346-02"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2019-18259",
"datePublished": "2019-12-16T19:19:04",
"dateReserved": "2019-10-22T00:00:00",
"dateUpdated": "2024-08-05T01:47:14.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3775 (GCVE-0-2019-3775)
Vulnerability from cvelistv5
Published
2019-03-07 19:00
Modified
2024-09-16 22:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-290 - Authentication Bypass by Spoofing
Summary
Cloud Foundry UAA, versions prior to v70.0, allows a user to update their own email address. A remote authenticated user can impersonate a different user by changing their email address to that of a different user.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cloud Foundry | UAA Release (OSS) |
Version: All < v70.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:18.080Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.cloudfoundry.org/blog/cve-2019-3775"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "UAA Release (OSS)",
"vendor": "Cloud Foundry",
"versions": [
{
"lessThan": "v70.0",
"status": "affected",
"version": "All",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-02-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cloud Foundry UAA, versions prior to v70.0, allows a user to update their own email address. A remote authenticated user can impersonate a different user by changing their email address to that of a different user."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290: Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-07T18:57:02",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.cloudfoundry.org/blog/cve-2019-3775"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "UAA allows users to modify their own email address",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2019-02-26T00:00:00.000Z",
"ID": "CVE-2019-3775",
"STATE": "PUBLIC",
"TITLE": "UAA allows users to modify their own email address"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UAA Release (OSS)",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_name": "All",
"version_value": "v70.0"
}
]
}
}
]
},
"vendor_name": "Cloud Foundry"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cloud Foundry UAA, versions prior to v70.0, allows a user to update their own email address. A remote authenticated user can impersonate a different user by changing their email address to that of a different user."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-290: Authentication Bypass by Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cloudfoundry.org/blog/cve-2019-3775",
"refsource": "CONFIRM",
"url": "https://www.cloudfoundry.org/blog/cve-2019-3775"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2019-3775",
"datePublished": "2019-03-07T19:00:00Z",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-09-16T22:31:19.423Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-3884 (GCVE-0-2019-3884)
Vulnerability from cvelistv5
Published
2019-08-01 13:20
Modified
2024-08-04 19:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A vulnerability exists in the garbage collection mechanism of atomic-openshift. An attacker able spoof the UUID of a valid object from another namespace is able to delete children of those objects. Versions 3.6, 3.7, 3.8, 3.9, 3.10, 3.11 and 4.1 are affected.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Red Hat | atomic-openshift |
Version: 3.6, 3.7, 3.8, 3.9, 3.10, 3.11, 4.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:18.666Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3884"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "atomic-openshift",
"vendor": "Red Hat",
"versions": [
{
"status": "affected",
"version": "3.6, 3.7, 3.8, 3.9, 3.10, 3.11, 4.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability exists in the garbage collection mechanism of atomic-openshift. An attacker able spoof the UUID of a valid object from another namespace is able to delete children of those objects. Versions 3.6, 3.7, 3.8, 3.9, 3.10, 3.11 and 4.1 are affected."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.6,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-01T13:20:50",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3884"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-3884",
"datePublished": "2019-08-01T13:20:50",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-08-04T19:19:18.666Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10136 (GCVE-0-2020-10136)
Vulnerability from cvelistv5
Published
2020-06-02 08:35
Modified
2024-09-17 00:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-290 - Authentication Bypass by Spoofing
Summary
IP-in-IP protocol specifies IP Encapsulation within IP standard (RFC 2003, STD 1) that decapsulate and route IP-in-IP traffic is vulnerable to spoofing, access-control bypass and other unexpected behavior due to the lack of validation to verify network packets before decapsulation and routing.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IETF | RFC2003 - IP Encapsulation within IP |
Version: STD 1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:50:57.823Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#636397",
"tags": [
"x_transferred"
],
"url": "https://kb.cert.org/vuls/id/636397/"
},
{
"tags": [
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ipip-dos-kCT9X4"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.digi.com/resources/security"
},
{
"name": "VU#636397",
"tags": [
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/636397"
},
{
"name": "Security Concerns with IP Tunneling",
"tags": [
"x_transferred"
],
"url": "https://datatracker.ietf.org/doc/html/rfc6169"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "RFC2003 - IP Encapsulation within IP",
"vendor": "IETF",
"versions": [
{
"status": "affected",
"version": "STD 1"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Thanks to Yannay Livneh for reporting this issue."
}
],
"datePublic": "2020-06-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "IP-in-IP protocol specifies IP Encapsulation within IP standard (RFC 2003, STD 1) that decapsulate and route IP-in-IP traffic is vulnerable to spoofing, access-control bypass and other unexpected behavior due to the lack of validation to verify network packets before decapsulation and routing."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290 Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T21:10:04.191Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#636397",
"url": "https://kb.cert.org/vuls/id/636397/"
},
{
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ipip-dos-kCT9X4"
},
{
"url": "https://www.digi.com/resources/security"
},
{
"name": "VU#636397",
"url": "https://www.kb.cert.org/vuls/id/636397"
},
{
"name": "Security Concerns with IP Tunneling",
"url": "https://datatracker.ietf.org/doc/html/rfc6169"
}
],
"solutions": [
{
"lang": "en",
"value": "Customers should apply the latest patch provided by the affected vendor that addresses this issue and prevents unspecified IP-in-IP packets from being processed. Devices manufacturers are urged to disable IP-in-IP in their default configuration and require their customers to explicitly configure IP-in-IP as and when needed."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "IP-in-IP protocol allows a remote, unauthenticated attacker to route arbitrary network traffic",
"workarounds": [
{
"lang": "en",
"value": "Users can block IP-in-IP packets by filtering IP protocol number 4. Note this filtering is for the IPv4 Protocol (or IPv6 Next Header) field value of 4 and not IP protocol version 4 (IPv4)."
}
],
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2020-10136",
"datePublished": "2020-06-02T08:35:12.921954Z",
"dateReserved": "2020-03-05T00:00:00",
"dateUpdated": "2024-09-17T00:56:11.850Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11015 (GCVE-0-2020-11015)
Vulnerability from cvelistv5
Published
2022-09-29 01:42
Modified
2025-04-23 16:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-290 - Authentication Bypass by Spoofing
Summary
A vulnerability has been disclosed in thinx-device-api IoT Device Management Server before version 2.5.0. Device MAC address can be spoofed. This means initial registration requests without UDID and spoofed MAC address may pass to create new UDID with same MAC address. Full impact needs to be reviewed further. Applies to all (mostly ESP8266/ESP32) users. This has been fixed in firmware version 2.5.0.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| suculent | thinx-device-api |
Version: < 2.5.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:21:14.271Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/suculent/thinx-device-api/security/advisories/GHSA-5x54-39xq-cwvc"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-11015",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:57:02.344233Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T16:54:10.732Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "thinx-device-api",
"vendor": "suculent",
"versions": [
{
"status": "affected",
"version": "\u003c 2.5.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been disclosed in thinx-device-api IoT Device Management Server before version 2.5.0. Device MAC address can be spoofed. This means initial registration requests without UDID and spoofed MAC address may pass to create new UDID with same MAC address. Full impact needs to be reviewed further. Applies to all (mostly ESP8266/ESP32) users. This has been fixed in firmware version 2.5.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290: Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-29T01:42:38.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/suculent/thinx-device-api/security/advisories/GHSA-5x54-39xq-cwvc"
}
],
"source": {
"advisory": "GHSA-5x54-39xq-cwvc",
"discovery": "UNKNOWN"
},
"title": "Device Authentication Vulnerability in thinx-device-api IoT Device Management Server",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-11015",
"STATE": "PUBLIC",
"TITLE": "Device Authentication Vulnerability in thinx-device-api IoT Device Management Server"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "thinx-device-api",
"version": {
"version_data": [
{
"version_value": "\u003c 2.5.0"
}
]
}
}
]
},
"vendor_name": "suculent"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been disclosed in thinx-device-api IoT Device Management Server before version 2.5.0. Device MAC address can be spoofed. This means initial registration requests without UDID and spoofed MAC address may pass to create new UDID with same MAC address. Full impact needs to be reviewed further. Applies to all (mostly ESP8266/ESP32) users. This has been fixed in firmware version 2.5.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-290: Authentication Bypass by Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/suculent/thinx-device-api/security/advisories/GHSA-5x54-39xq-cwvc",
"refsource": "CONFIRM",
"url": "https://github.com/suculent/thinx-device-api/security/advisories/GHSA-5x54-39xq-cwvc"
}
]
},
"source": {
"advisory": "GHSA-5x54-39xq-cwvc",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-11015",
"datePublished": "2022-09-29T01:42:38.000Z",
"dateReserved": "2020-03-30T00:00:00.000Z",
"dateUpdated": "2025-04-23T16:54:10.732Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-13529 (GCVE-0-2020-13529)
Vulnerability from cvelistv5
Published
2021-05-10 15:08
Modified
2024-08-04 12:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-290 - Authentication Bypass by Spoofing
Summary
An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:18:18.443Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1142"
},
{
"name": "GLSA-202107-48",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202107-48"
},
{
"name": "FEDORA-2021-166e461c8d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42TMJVNYRY65B4QCJICBYOEIVZV3KUYI/"
},
{
"name": "[oss-security] 20210804 Re: Pop!_OS Membership to linux-distros list",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/08/04/2"
},
{
"name": "[oss-security] 20210817 Re: Pop!_OS Membership to linux-distros list",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/08/17/3"
},
{
"name": "[oss-security] 20210907 Re: Pop!_OS Membership to linux-distros list",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/09/07/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210625-0005/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Systemd",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Canonical Ubuntu 20.04 LTS, Systemd 245"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290: Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T15:13:43",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1142"
},
{
"name": "GLSA-202107-48",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202107-48"
},
{
"name": "FEDORA-2021-166e461c8d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42TMJVNYRY65B4QCJICBYOEIVZV3KUYI/"
},
{
"name": "[oss-security] 20210804 Re: Pop!_OS Membership to linux-distros list",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/08/04/2"
},
{
"name": "[oss-security] 20210817 Re: Pop!_OS Membership to linux-distros list",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/08/17/3"
},
{
"name": "[oss-security] 20210907 Re: Pop!_OS Membership to linux-distros list",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/09/07/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210625-0005/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2020-13529",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Systemd",
"version": {
"version_data": [
{
"version_value": "Canonical Ubuntu 20.04 LTS, Systemd 245"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server."
}
]
},
"impact": {
"cvss": {
"baseScore": 6.1,
"baseSeverity": "Medium",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-290: Authentication Bypass by Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1142",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1142"
},
{
"name": "GLSA-202107-48",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202107-48"
},
{
"name": "FEDORA-2021-166e461c8d",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42TMJVNYRY65B4QCJICBYOEIVZV3KUYI/"
},
{
"name": "[oss-security] 20210804 Re: Pop!_OS Membership to linux-distros list",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/08/04/2"
},
{
"name": "[oss-security] 20210817 Re: Pop!_OS Membership to linux-distros list",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/08/17/3"
},
{
"name": "[oss-security] 20210907 Re: Pop!_OS Membership to linux-distros list",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/09/07/3"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210625-0005/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210625-0005/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2020-13529",
"datePublished": "2021-05-10T15:08:34",
"dateReserved": "2020-05-26T00:00:00",
"dateUpdated": "2024-08-04T12:18:18.443Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-17516 (GCVE-0-2020-17516)
Vulnerability from cvelistv5
Published
2021-02-03 16:40
Modified
2024-08-04 14:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-290 - Authentication Bypass by Spoofing
Summary
Apache Cassandra versions 2.1.0 to 2.1.22, 2.2.0 to 2.2.19, 3.0.0 to 3.0.23, and 3.11.0 to 3.11.9, when using 'dc' or 'rack' internode_encryption setting, allows both encrypted and unencrypted internode connections. A misconfigured node or a malicious user can use the unencrypted connection despite not being in the same rack or dc, and bypass mutual TLS requirement.
References
| ► | URL | Tags |
|---|---|---|
|
|
||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Apache Cassandra |
Version: 2.1.0 to 2.1.22 Version: 2.2.0 to 2.2.19 Version: 3.0.0 to 3.0.23 Version: 3.11.0 to 3.11.9 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:00:48.346Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://mail-archives.apache.org/mod_mbox/cassandra-user/202102.mbox/%3c6E4340A5-D7BE-4D33-9EC5-3B505A626D8D%40apache.org%3e"
},
{
"name": "[cassandra-commits] 20210217 [jira] [Created] (CASSANDRA-16455) CVE-2020-17516 mitigation in 2.2.x branch",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd84bec24907617bdb72f7ec907cd7437a0fd5a8886eb55aa84dd1eb8%40%3Ccommits.cassandra.apache.org%3E"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210521-0002/"
},
{
"name": "[cassandra-commits] 20210523 [jira] [Updated] (CASSANDRA-16455) CVE-2020-17516 mitigation in 2.2.x branch",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rcb16f36cafa184dd159e94033f87d0fc274c4752d467f3a09f2ceae4%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20210915 [jira] [Updated] (CASSANDRA-16455) CVE-2020-17516 mitigation in 2.2.x branch",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r81243a412a37a22211754936a13856af07cc68a93d728c52807486e9%40%3Ccommits.cassandra.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Cassandra",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2.1.0 to 2.1.22"
},
{
"status": "affected",
"version": "2.2.0 to 2.2.19"
},
{
"status": "affected",
"version": "3.0.0 to 3.0.23"
},
{
"status": "affected",
"version": "3.11.0 to 3.11.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Apache Cassandra versions 2.1.0 to 2.1.22, 2.2.0 to 2.2.19, 3.0.0 to 3.0.23, and 3.11.0 to 3.11.9, when using \u0027dc\u0027 or \u0027rack\u0027 internode_encryption setting, allows both encrypted and unencrypted internode connections. A misconfigured node or a malicious user can use the unencrypted connection despite not being in the same rack or dc, and bypass mutual TLS requirement."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290: Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-15T08:06:07",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://mail-archives.apache.org/mod_mbox/cassandra-user/202102.mbox/%3c6E4340A5-D7BE-4D33-9EC5-3B505A626D8D%40apache.org%3e"
},
{
"name": "[cassandra-commits] 20210217 [jira] [Created] (CASSANDRA-16455) CVE-2020-17516 mitigation in 2.2.x branch",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd84bec24907617bdb72f7ec907cd7437a0fd5a8886eb55aa84dd1eb8%40%3Ccommits.cassandra.apache.org%3E"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210521-0002/"
},
{
"name": "[cassandra-commits] 20210523 [jira] [Updated] (CASSANDRA-16455) CVE-2020-17516 mitigation in 2.2.x branch",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rcb16f36cafa184dd159e94033f87d0fc274c4752d467f3a09f2ceae4%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20210915 [jira] [Updated] (CASSANDRA-16455) CVE-2020-17516 mitigation in 2.2.x branch",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r81243a412a37a22211754936a13856af07cc68a93d728c52807486e9%40%3Ccommits.cassandra.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2020-17516",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Cassandra",
"version": {
"version_data": [
{
"version_value": "2.1.0 to 2.1.22"
},
{
"version_value": "2.2.0 to 2.2.19"
},
{
"version_value": "3.0.0 to 3.0.23"
},
{
"version_value": "3.11.0 to 3.11.9"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Cassandra versions 2.1.0 to 2.1.22, 2.2.0 to 2.2.19, 3.0.0 to 3.0.23, and 3.11.0 to 3.11.9, when using \u0027dc\u0027 or \u0027rack\u0027 internode_encryption setting, allows both encrypted and unencrypted internode connections. A misconfigured node or a malicious user can use the unencrypted connection despite not being in the same rack or dc, and bypass mutual TLS requirement."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-290: Authentication Bypass by Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://mail-archives.apache.org/mod_mbox/cassandra-user/202102.mbox/%3c6E4340A5-D7BE-4D33-9EC5-3B505A626D8D@apache.org%3e",
"refsource": "CONFIRM",
"url": "http://mail-archives.apache.org/mod_mbox/cassandra-user/202102.mbox/%3c6E4340A5-D7BE-4D33-9EC5-3B505A626D8D@apache.org%3e"
},
{
"name": "[cassandra-commits] 20210217 [jira] [Created] (CASSANDRA-16455) CVE-2020-17516 mitigation in 2.2.x branch",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd84bec24907617bdb72f7ec907cd7437a0fd5a8886eb55aa84dd1eb8@%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210521-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210521-0002/"
},
{
"name": "[cassandra-commits] 20210523 [jira] [Updated] (CASSANDRA-16455) CVE-2020-17516 mitigation in 2.2.x branch",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rcb16f36cafa184dd159e94033f87d0fc274c4752d467f3a09f2ceae4@%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20210915 [jira] [Updated] (CASSANDRA-16455) CVE-2020-17516 mitigation in 2.2.x branch",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r81243a412a37a22211754936a13856af07cc68a93d728c52807486e9@%3Ccommits.cassandra.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2020-17516",
"datePublished": "2021-02-03T16:40:04",
"dateReserved": "2020-08-12T00:00:00",
"dateUpdated": "2024-08-04T14:00:48.346Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
No mitigation information available for this CWE.
CAPEC-21: Exploitation of Trusted Identifiers
An adversary guesses, obtains, or "rides" a trusted identifier (e.g. session ID, resource ID, cookie, etc.) to perform authorized actions under the guise of an authenticated user or service.
CAPEC-22: Exploiting Trust in Client
An attack of this type exploits vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by communicating directly with the server where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
CAPEC-459: Creating a Rogue Certification Authority Certificate
An adversary exploits a weakness resulting from using a hashing algorithm with weak collision resistance to generate certificate signing requests (CSR) that contain collision blocks in their "to be signed" parts. The adversary submits one CSR to be signed by a trusted certificate authority then uses the signed blob to make a second certificate appear signed by said certificate authority. Due to the hash collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the adversary's second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority.
CAPEC-461: Web Services API Signature Forgery Leveraging Hash Function Extension Weakness
An adversary utilizes a hash function extension/padding weakness, to modify the parameters passed to the web service requesting authentication by generating their own call in order to generate a legitimate signature hash (as described in the notes), without knowledge of the secret token sometimes provided by the web service.
CAPEC-473: Signature Spoof
An attacker generates a message or datablock that causes the recipient to believe that the message or datablock was generated and cryptographically signed by an authoritative or reputable source, misleading a victim or victim operating system into performing malicious actions.
CAPEC-476: Signature Spoofing by Misrepresentation
An attacker exploits a weakness in the parsing or display code of the recipient software to generate a data blob containing a supposedly valid signature, but the signer's identity is falsely represented, which can lead to the attacker manipulating the recipient software or its victim user to perform compromising actions.
CAPEC-59: Session Credential Falsification through Prediction
This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.
CAPEC-60: Reusing Session IDs (aka Session Replay)
This attack targets the reuse of valid session ID to spoof the target system in order to gain privileges. The attacker tries to reuse a stolen session ID used previously during a transaction to perform spoofing and session hijacking. Another name for this type of attack is Session Replay.
CAPEC-667: Bluetooth Impersonation AttackS (BIAS)
An adversary disguises the MAC address of their Bluetooth enabled device to one for which there exists an active and trusted connection and authenticates successfully. The adversary can then perform malicious actions on the target Bluetooth device depending on the target’s capabilities.
CAPEC-94: Adversary in the Middle (AiTM)
An adversary targets the communication between two components (typically client and server), in order to alter or obtain data from transactions. A general approach entails the adversary placing themself within the communication channel between the two components.