CWE-565

Reliance on Cookies without Validation and Integrity Checking

The product relies on the existence or values of cookies when performing security-critical operations, but it does not properly ensure that the setting is valid for the associated user.

CVE-2018-5455 (GCVE-0-2018-5455)
Vulnerability from cvelistv5
Published
2018-03-05 17:00
Modified
2024-08-05 05:33
Severity ?
CWE
Summary
A Reliance on Cookies without Validation and Integrity Checking issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. The application allows a cookie parameter to consist of only digits, allowing an attacker to perform a brute force attack bypassing authentication and gaining access to device functions.
References
Impacted products
Vendor Product Version
n/a Moxa OnCell G3100-HSPA Series Version: Moxa OnCell G3100-HSPA Series
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T05:33:44.372Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-060-02"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Moxa OnCell G3100-HSPA Series",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Moxa OnCell G3100-HSPA Series"
            }
          ]
        }
      ],
      "datePublic": "2018-03-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A Reliance on Cookies without Validation and Integrity Checking issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. The application allows a cookie parameter to consist of only digits, allowing an attacker to perform a brute force attack bypassing authentication and gaining access to device functions."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-565",
              "description": "CWE-565",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-03-05T16:57:02",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-060-02"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2018-5455",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Moxa OnCell G3100-HSPA Series",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Moxa OnCell G3100-HSPA Series"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A Reliance on Cookies without Validation and Integrity Checking issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. The application allows a cookie parameter to consist of only digits, allowing an attacker to perform a brute force attack bypassing authentication and gaining access to device functions."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-565"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-060-02",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-060-02"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2018-5455",
    "datePublished": "2018-03-05T17:00:00",
    "dateReserved": "2018-01-12T00:00:00",
    "dateUpdated": "2024-08-05T05:33:44.372Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-15128 (GCVE-0-2020-15128)
Vulnerability from cvelistv5
Published
2020-07-31 17:45
Modified
2024-08-04 13:08
CWE
  • CWE-565 - {"":"Reliance on Cookies without Validation and Integrity Checking"}
Summary
In OctoberCMS before version 1.0.468, encrypted cookie values were not tied to the name of the cookie the value belonged to. This meant that certain classes of attacks that took advantage of other theoretical vulnerabilities in user facing code (nothing exploitable in the core project itself) had a higher chance of succeeding. Specifically, if your usage exposed a way for users to provide unfiltered user input and have it returned to them as an encrypted cookie (ex. storing a user provided search query in a cookie) they could then use the generated cookie in place of other more tightly controlled cookies; or if your usage exposed the plaintext version of an encrypted cookie at any point to the user they could theoretically provide encrypted content from your application back to it as an encrypted cookie and force the framework to decrypt it for them. Issue has been fixed in build 468 (v1.0.468).
Impacted products
Vendor Product Version
octobercms october Version: < 1.0.468
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T13:08:22.316Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/octobercms/october/security/advisories/GHSA-55mm-5399-7r63"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/octobercms/library/pull/508"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/octobercms/library/commit/28310d4fb336a1741b39498f4474497644a6875c"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "october",
          "vendor": "octobercms",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.0.468"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In OctoberCMS before version 1.0.468, encrypted cookie values were not tied to the name of the cookie the value belonged to. This meant that certain classes of attacks that took advantage of other theoretical vulnerabilities in user facing code (nothing exploitable in the core project itself) had a higher chance of succeeding. Specifically, if your usage exposed a way for users to provide unfiltered user input and have it returned to them as an encrypted cookie (ex. storing a user provided search query in a cookie) they could then use the generated cookie in place of other more tightly controlled cookies; or if your usage exposed the plaintext version of an encrypted cookie at any point to the user they could theoretically provide encrypted content from your application back to it as an encrypted cookie and force the framework to decrypt it for them. Issue has been fixed in build 468 (v1.0.468)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-565",
              "description": "{\"CWE-565\":\"Reliance on Cookies without Validation and Integrity Checking\"}",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-31T17:45:20",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/octobercms/october/security/advisories/GHSA-55mm-5399-7r63"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/octobercms/library/pull/508"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/octobercms/library/commit/28310d4fb336a1741b39498f4474497644a6875c"
        }
      ],
      "source": {
        "advisory": "GHSA-55mm-5399-7r63",
        "discovery": "UNKNOWN"
      },
      "title": "Reliance on Cookies without validation in OctoberCMS",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2020-15128",
          "STATE": "PUBLIC",
          "TITLE": "Reliance on Cookies without validation in OctoberCMS"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "october",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 1.0.468"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "octobercms"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In OctoberCMS before version 1.0.468, encrypted cookie values were not tied to the name of the cookie the value belonged to. This meant that certain classes of attacks that took advantage of other theoretical vulnerabilities in user facing code (nothing exploitable in the core project itself) had a higher chance of succeeding. Specifically, if your usage exposed a way for users to provide unfiltered user input and have it returned to them as an encrypted cookie (ex. storing a user provided search query in a cookie) they could then use the generated cookie in place of other more tightly controlled cookies; or if your usage exposed the plaintext version of an encrypted cookie at any point to the user they could theoretically provide encrypted content from your application back to it as an encrypted cookie and force the framework to decrypt it for them. Issue has been fixed in build 468 (v1.0.468)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "{\"CWE-565\":\"Reliance on Cookies without Validation and Integrity Checking\"}"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/octobercms/october/security/advisories/GHSA-55mm-5399-7r63",
              "refsource": "CONFIRM",
              "url": "https://github.com/octobercms/october/security/advisories/GHSA-55mm-5399-7r63"
            },
            {
              "name": "https://github.com/octobercms/library/pull/508",
              "refsource": "MISC",
              "url": "https://github.com/octobercms/library/pull/508"
            },
            {
              "name": "https://github.com/octobercms/library/commit/28310d4fb336a1741b39498f4474497644a6875c",
              "refsource": "MISC",
              "url": "https://github.com/octobercms/library/commit/28310d4fb336a1741b39498f4474497644a6875c"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-55mm-5399-7r63",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2020-15128",
    "datePublished": "2020-07-31T17:45:20",
    "dateReserved": "2020-06-25T00:00:00",
    "dateUpdated": "2024-08-04T13:08:22.316Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-29624 (GCVE-0-2021-29624)
Vulnerability from cvelistv5
Published
2021-05-19 21:15
Modified
2024-08-03 22:11
CWE
  • CWE-565 - Reliance on Cookies without Validation and Integrity Checking
Summary
fastify-csrf is an open-source plugin helps developers protect their Fastify server against CSRF attacks. Versions of fastify-csrf prior to 3.1.0 have a "double submit" mechanism using cookies with an application deployed across multiple subdomains, e.g. "heroku"-style platform as a service. Version 3.1.0 of the fastify-csrf fixes it. the vulnerability. The user of the module would need to supply a `userInfo` when generating the CSRF token to fully implement the protection on their end. This is needed only for applications hosted on different subdomains.
Impacted products
Vendor Product Version
fastify fastify-csrf Version: < 3.1.0
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T22:11:06.350Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/fastify/fastify-csrf/security/advisories/GHSA-rc4q-9m69-gqp8"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/fastify/csrf/pull/2"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/fastify/fastify-csrf/pull/51"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/fastify/fastify-csrf/releases/tag/v3.1.0"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://owasp.org/www-pdf-archive/David_Johansson-Double_Defeat_of_Double-Submit_Cookie.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "fastify-csrf",
          "vendor": "fastify",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.1.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "fastify-csrf is an open-source plugin helps developers protect their Fastify server against CSRF attacks. Versions of fastify-csrf prior to 3.1.0 have a \"double submit\" mechanism using cookies with an application deployed across multiple subdomains, e.g. \"heroku\"-style platform as a service. Version 3.1.0 of the fastify-csrf fixes it. the vulnerability. The user of the module would need to supply a `userInfo` when generating the CSRF token to fully implement the protection on their end. This is needed only for applications hosted on different subdomains."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-565",
              "description": "CWE-565: Reliance on Cookies without Validation and Integrity Checking",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-05-19T21:15:28",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/fastify/fastify-csrf/security/advisories/GHSA-rc4q-9m69-gqp8"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/fastify/csrf/pull/2"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/fastify/fastify-csrf/pull/51"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/fastify/fastify-csrf/releases/tag/v3.1.0"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://owasp.org/www-pdf-archive/David_Johansson-Double_Defeat_of_Double-Submit_Cookie.pdf"
        }
      ],
      "source": {
        "advisory": "GHSA-rc4q-9m69-gqp8",
        "discovery": "UNKNOWN"
      },
      "title": "Lack of protection against cookie tossing attacks in fastify-csrf",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2021-29624",
          "STATE": "PUBLIC",
          "TITLE": "Lack of protection against cookie tossing attacks in fastify-csrf"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "fastify-csrf",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 3.1.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "fastify"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "fastify-csrf is an open-source plugin helps developers protect their Fastify server against CSRF attacks. Versions of fastify-csrf prior to 3.1.0 have a \"double submit\" mechanism using cookies with an application deployed across multiple subdomains, e.g. \"heroku\"-style platform as a service. Version 3.1.0 of the fastify-csrf fixes it. the vulnerability. The user of the module would need to supply a `userInfo` when generating the CSRF token to fully implement the protection on their end. This is needed only for applications hosted on different subdomains."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-565: Reliance on Cookies without Validation and Integrity Checking"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/fastify/fastify-csrf/security/advisories/GHSA-rc4q-9m69-gqp8",
              "refsource": "CONFIRM",
              "url": "https://github.com/fastify/fastify-csrf/security/advisories/GHSA-rc4q-9m69-gqp8"
            },
            {
              "name": "https://github.com/fastify/csrf/pull/2",
              "refsource": "MISC",
              "url": "https://github.com/fastify/csrf/pull/2"
            },
            {
              "name": "https://github.com/fastify/fastify-csrf/pull/51",
              "refsource": "MISC",
              "url": "https://github.com/fastify/fastify-csrf/pull/51"
            },
            {
              "name": "https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html",
              "refsource": "MISC",
              "url": "https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html"
            },
            {
              "name": "https://github.com/fastify/fastify-csrf/releases/tag/v3.1.0",
              "refsource": "MISC",
              "url": "https://github.com/fastify/fastify-csrf/releases/tag/v3.1.0"
            },
            {
              "name": "https://owasp.org/www-pdf-archive/David_Johansson-Double_Defeat_of_Double-Submit_Cookie.pdf",
              "refsource": "MISC",
              "url": "https://owasp.org/www-pdf-archive/David_Johansson-Double_Defeat_of_Double-Submit_Cookie.pdf"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-rc4q-9m69-gqp8",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2021-29624",
    "datePublished": "2021-05-19T21:15:28",
    "dateReserved": "2021-03-30T00:00:00",
    "dateUpdated": "2024-08-03T22:11:06.350Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-33842 (GCVE-0-2021-33842)
Vulnerability from cvelistv5
Published
2021-06-09 11:39
Modified
2024-09-16 20:01
CWE
  • CWE-565 - Reliance on Cookies without Validation and Integrity Checking
Summary
Improper Authentication vulnerability in the cookie parameter of Circutor SGE-PLC1000 firmware version 0.9.2b allows an attacker to perform operations as an authenticated user. In order to exploit this vulnerability, the attacker must be within the network where the device affected is located.
Impacted products
Vendor Product Version
Circutor SGE-PLC1000 Version: 0.9.2b
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:58:23.180Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/circutor-sge-plc1000-improper-authentication"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "SGE-PLC1000",
          "vendor": "Circutor",
          "versions": [
            {
              "status": "affected",
              "version": "0.9.2b"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Industrial Cybersecurity team of S21sec, special mention to Aar\u00f3n Flecha Men\u00e9ndez."
        }
      ],
      "datePublic": "2021-06-07T22:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper Authentication vulnerability in the cookie parameter of Circutor SGE-PLC1000 firmware version 0.9.2b allows an attacker to perform operations as an authenticated user. In order to exploit this vulnerability, the attacker must be within the network where the device affected is located."
            }
          ],
          "value": "Improper Authentication vulnerability in the cookie parameter of Circutor SGE-PLC1000 firmware version 0.9.2b allows an attacker to perform operations as an authenticated user. In order to exploit this vulnerability, the attacker must be within the network where the device affected is located."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-565",
              "description": "CWE-565 Reliance on Cookies without Validation and Integrity Checking",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-23T13:47:01.158Z",
        "orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
        "shortName": "INCIBE"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/circutor-sge-plc1000-improper-authentication"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "This issue can be solved through a firmware upgrade that has already been released by the vendor."
            }
          ],
          "value": "This issue can be solved through a firmware upgrade that has already been released by the vendor."
        }
      ],
      "source": {
        "advisory": "INCIBE-2021-0228",
        "discovery": "EXTERNAL"
      },
      "title": "Circutor SGE-PLC1000 improper authentication",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve-coordination@incibe.es",
          "DATE_PUBLIC": "2021-06-08T08:00:00.000Z",
          "ID": "CVE-2021-33842",
          "STATE": "PUBLIC",
          "TITLE": "Circutor SGE-PLC1000 improper authentication"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SGE-PLC1000",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_name": "0.9.2b",
                            "version_value": "0.9.2b"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Circutor"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Industrial Cybersecurity team of S21sec, special mention to Aar\u00f3n Flecha Men\u00e9ndez."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Improper Authentication vulnerability in the cookie parameter of Circutor SGE-PLC1000 firmware version 0.9.2b allows an attacker to perform operations as an authenticated user. In order to exploit this vulnerability, the attacker must be within the network where the device affected is located."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-287: Improper Authentication"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.incibe-cert.es/en/early-warning/ics-advisories/circutor-sge-plc1000-improper-authentication",
              "refsource": "CONFIRM",
              "url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/circutor-sge-plc1000-improper-authentication"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "This issue can be solved through a firmware upgrade that has already been released by the vendor."
          }
        ],
        "source": {
          "advisory": "INCIBE-2021-0228",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
    "assignerShortName": "INCIBE",
    "cveId": "CVE-2021-33842",
    "datePublished": "2021-06-09T11:39:52.302361Z",
    "dateReserved": "2021-06-04T00:00:00",
    "dateUpdated": "2024-09-16T20:01:18.942Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-3818 (GCVE-0-2021-3818)
Vulnerability from cvelistv5
Published
2021-09-27 12:25
Modified
2024-08-03 17:09
CWE
  • CWE-565 - Reliance on Cookies without Validation and Integrity Checking
Summary
grav is vulnerable to Reliance on Cookies without Validation and Integrity Checking
Impacted products
Vendor Product Version
getgrav getgrav/grav Version: unspecified   < 1.7.22
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:09:09.606Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/c2bc65af-7b93-4020-886e-8cdaeb0a58ea"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/getgrav/grav/commit/c51fb1779b83f620c0b6f3548d4a96322b55df07"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "getgrav/grav",
          "vendor": "getgrav",
          "versions": [
            {
              "lessThan": "1.7.22",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "grav is vulnerable to Reliance on Cookies without Validation and Integrity Checking"
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-565",
              "description": "CWE-565 Reliance on Cookies without Validation and Integrity Checking",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-09-27T12:25:23",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://huntr.dev/bounties/c2bc65af-7b93-4020-886e-8cdaeb0a58ea"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/getgrav/grav/commit/c51fb1779b83f620c0b6f3548d4a96322b55df07"
        }
      ],
      "source": {
        "advisory": "c2bc65af-7b93-4020-886e-8cdaeb0a58ea",
        "discovery": "EXTERNAL"
      },
      "title": "Reliance on Cookies without Validation and Integrity Checking in getgrav/grav",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@huntr.dev",
          "ID": "CVE-2021-3818",
          "STATE": "PUBLIC",
          "TITLE": "Reliance on Cookies without Validation and Integrity Checking in getgrav/grav"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "getgrav/grav",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "1.7.22"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "getgrav"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "grav is vulnerable to Reliance on Cookies without Validation and Integrity Checking"
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-565 Reliance on Cookies without Validation and Integrity Checking"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://huntr.dev/bounties/c2bc65af-7b93-4020-886e-8cdaeb0a58ea",
              "refsource": "CONFIRM",
              "url": "https://huntr.dev/bounties/c2bc65af-7b93-4020-886e-8cdaeb0a58ea"
            },
            {
              "name": "https://github.com/getgrav/grav/commit/c51fb1779b83f620c0b6f3548d4a96322b55df07",
              "refsource": "MISC",
              "url": "https://github.com/getgrav/grav/commit/c51fb1779b83f620c0b6f3548d4a96322b55df07"
            }
          ]
        },
        "source": {
          "advisory": "c2bc65af-7b93-4020-886e-8cdaeb0a58ea",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2021-3818",
    "datePublished": "2021-09-27T12:25:23",
    "dateReserved": "2021-09-20T00:00:00",
    "dateUpdated": "2024-08-03T17:09:09.606Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-41263 (GCVE-0-2021-41263)
Vulnerability from cvelistv5
Published
2021-11-15 20:10
Modified
2024-08-04 03:08
CWE
  • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
  • CWE-565 - Reliance on Cookies without Validation and Integrity Checking
Summary
rails_multisite provides multi-db support for Rails applications. In affected versions this vulnerability impacts any Rails applications using `rails_multisite` alongside Rails' signed/encrypted cookies. Depending on how the application makes use of these cookies, it may be possible for an attacker to re-use cookies on different 'sites' within a multi-site Rails application. The issue has been patched in v4 of the `rails_multisite` gem. Note that this upgrade will invalidate all previous signed/encrypted cookies. The impact of this invalidation will vary based on the application architecture.
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T03:08:31.596Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/discourse/rails_multisite/security/advisories/GHSA-844m-cpr9-jcmh"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/discourse/rails_multisite/commit/c6785cdb5c9277dd2c5ac8d55180dd1ece440ed0"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "rails_multisite",
          "vendor": "discourse",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 4.0.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "rails_multisite provides multi-db support for Rails applications. In affected versions this vulnerability impacts any Rails applications using `rails_multisite` alongside Rails\u0027 signed/encrypted cookies. Depending on how the application makes use of these cookies, it may be possible for an attacker to re-use cookies on different \u0027sites\u0027 within a multi-site Rails application. The issue has been patched in v4 of the `rails_multisite` gem. Note that this upgrade will invalidate all previous signed/encrypted cookies. The impact of this invalidation will vary based on the application architecture."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-565",
              "description": "CWE-565: Reliance on Cookies without Validation and Integrity Checking",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-11-15T20:10:11",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/discourse/rails_multisite/security/advisories/GHSA-844m-cpr9-jcmh"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/discourse/rails_multisite/commit/c6785cdb5c9277dd2c5ac8d55180dd1ece440ed0"
        }
      ],
      "source": {
        "advisory": "GHSA-844m-cpr9-jcmh",
        "discovery": "UNKNOWN"
      },
      "title": "Secure/signed cookies share secrets between sites in rails_multisite",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2021-41263",
          "STATE": "PUBLIC",
          "TITLE": "Secure/signed cookies share secrets between sites in rails_multisite"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "rails_multisite",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 4.0.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "discourse"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "rails_multisite provides multi-db support for Rails applications. In affected versions this vulnerability impacts any Rails applications using `rails_multisite` alongside Rails\u0027 signed/encrypted cookies. Depending on how the application makes use of these cookies, it may be possible for an attacker to re-use cookies on different \u0027sites\u0027 within a multi-site Rails application. The issue has been patched in v4 of the `rails_multisite` gem. Note that this upgrade will invalidate all previous signed/encrypted cookies. The impact of this invalidation will vary based on the application architecture."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-565: Reliance on Cookies without Validation and Integrity Checking"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/discourse/rails_multisite/security/advisories/GHSA-844m-cpr9-jcmh",
              "refsource": "CONFIRM",
              "url": "https://github.com/discourse/rails_multisite/security/advisories/GHSA-844m-cpr9-jcmh"
            },
            {
              "name": "https://github.com/discourse/rails_multisite/commit/c6785cdb5c9277dd2c5ac8d55180dd1ece440ed0",
              "refsource": "MISC",
              "url": "https://github.com/discourse/rails_multisite/commit/c6785cdb5c9277dd2c5ac8d55180dd1ece440ed0"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-844m-cpr9-jcmh",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2021-41263",
    "datePublished": "2021-11-15T20:10:11",
    "dateReserved": "2021-09-15T00:00:00",
    "dateUpdated": "2024-08-04T03:08:31.596Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-36032 (GCVE-0-2022-36032)
Vulnerability from cvelistv5
Published
2022-09-06 18:20
Modified
2025-04-23 17:14
CWE
  • CWE-20 - Improper Input Validation
  • CWE-565 - Reliance on Cookies without Validation and Integrity Checking
Summary
ReactPHP HTTP is a streaming HTTP client and server implementation for ReactPHP. In ReactPHP's HTTP server component versions starting with 0.7.0 and prior to 1.7.0, when ReactPHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like `__Host-` and `__Secure-` confused with cookies that decode to such prefix, thus leading to an attacker being able to forge cookie which is supposed to be secure. This issue is fixed in ReactPHP HTTP version 1.7.0. As a workaround, Infrastructure or DevOps can place a reverse proxy in front of the ReactPHP HTTP server to filter out any unexpected `Cookie` request headers.
Impacted products
Vendor Product Version
reactphp http Version: >= 0.7.0, < 1.7.0
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T09:51:59.931Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/reactphp/http/security/advisories/GHSA-w3w9-vrf5-8mx8"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/reactphp/http/pull/175"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/reactphp/http/commit/663c9a3b77b71463fa7fcb76a6676ffd16979dd6"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/reactphp/http/releases/tag/v1.7.0"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-36032",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T15:52:06.054764Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-23T17:14:48.031Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "http",
          "vendor": "reactphp",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 0.7.0, \u003c 1.7.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "ReactPHP HTTP is a streaming HTTP client and server implementation for ReactPHP. In ReactPHP\u0027s HTTP server component versions starting with 0.7.0 and prior to 1.7.0, when ReactPHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like `__Host-` and `__Secure-` confused with cookies that decode to such prefix, thus leading to an attacker being able to forge cookie which is supposed to be secure. This issue is fixed in ReactPHP HTTP version 1.7.0. As a workaround, Infrastructure or DevOps can place a reverse proxy in front of the ReactPHP HTTP server to filter out any unexpected `Cookie` request headers."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-565",
              "description": "CWE-565: Reliance on Cookies without Validation and Integrity Checking",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-06T18:20:12.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/reactphp/http/security/advisories/GHSA-w3w9-vrf5-8mx8"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/reactphp/http/pull/175"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/reactphp/http/commit/663c9a3b77b71463fa7fcb76a6676ffd16979dd6"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/reactphp/http/releases/tag/v1.7.0"
        }
      ],
      "source": {
        "advisory": "GHSA-w3w9-vrf5-8mx8",
        "discovery": "UNKNOWN"
      },
      "title": "ReactPHP\u0027s HTTP server parses encoded cookie names so malicious `__Host-` and `__Secure-` cookies can be sent",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2022-36032",
          "STATE": "PUBLIC",
          "TITLE": "ReactPHP\u0027s HTTP server parses encoded cookie names so malicious `__Host-` and `__Secure-` cookies can be sent"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "http",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003e= 0.7.0, \u003c 1.7.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "reactphp"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "ReactPHP HTTP is a streaming HTTP client and server implementation for ReactPHP. In ReactPHP\u0027s HTTP server component versions starting with 0.7.0 and prior to 1.7.0, when ReactPHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like `__Host-` and `__Secure-` confused with cookies that decode to such prefix, thus leading to an attacker being able to forge cookie which is supposed to be secure. This issue is fixed in ReactPHP HTTP version 1.7.0. As a workaround, Infrastructure or DevOps can place a reverse proxy in front of the ReactPHP HTTP server to filter out any unexpected `Cookie` request headers."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20: Improper Input Validation"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-565: Reliance on Cookies without Validation and Integrity Checking"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/reactphp/http/security/advisories/GHSA-w3w9-vrf5-8mx8",
              "refsource": "CONFIRM",
              "url": "https://github.com/reactphp/http/security/advisories/GHSA-w3w9-vrf5-8mx8"
            },
            {
              "name": "https://github.com/reactphp/http/pull/175",
              "refsource": "MISC",
              "url": "https://github.com/reactphp/http/pull/175"
            },
            {
              "name": "https://github.com/reactphp/http/commit/663c9a3b77b71463fa7fcb76a6676ffd16979dd6",
              "refsource": "MISC",
              "url": "https://github.com/reactphp/http/commit/663c9a3b77b71463fa7fcb76a6676ffd16979dd6"
            },
            {
              "name": "https://github.com/reactphp/http/releases/tag/v1.7.0",
              "refsource": "MISC",
              "url": "https://github.com/reactphp/http/releases/tag/v1.7.0"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-w3w9-vrf5-8mx8",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-36032",
    "datePublished": "2022-09-06T18:20:13.000Z",
    "dateReserved": "2022-07-15T00:00:00.000Z",
    "dateUpdated": "2025-04-23T17:14:48.031Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-32725 (GCVE-0-2023-32725)
Vulnerability from cvelistv5
Published
2023-12-18 09:15
Modified
2024-08-02 15:25
Severity ?
CWE
  • CWE-565 - Reliance on Cookies without Validation and Integrity Checking
Summary
The website configured in the URL widget will receive a session cookie when testing or executing scheduled reports. The received session cookie can then be used to access the frontend as the particular user.
Impacted products
Vendor Product Version
Zabbix Zabbix Version: 6.0.0
Version: 6.4.0
Version: 7.0.0alpha1
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T15:25:36.630Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.zabbix.com/browse/ZBX-23854"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Server",
            "Web service"
          ],
          "product": "Zabbix",
          "repo": "https://git.zabbix.com/",
          "vendor": "Zabbix",
          "versions": [
            {
              "changes": [
                {
                  "at": "6.0.22rc1",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "6.0.21",
              "status": "affected",
              "version": "6.0.0 ",
              "versionType": "git"
            },
            {
              "changes": [
                {
                  "at": "6.4.7rc1",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "6.4.6",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "git"
            },
            {
              "changes": [
                {
                  "at": "7.0.0alpha4",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "7.0.0alpha3",
              "status": "affected",
              "version": "7.0.0alpha1 ",
              "versionType": "git"
            }
          ]
        }
      ],
      "datePublic": "2023-11-06T08:04:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The website configured in the URL widget will receive a session cookie when testing or executing scheduled reports. The received session cookie can then be used to access the frontend as the particular user."
            }
          ],
          "value": "The website configured in the URL widget will receive a session cookie when testing or executing scheduled reports. The received session cookie can then be used to access the frontend as the particular user."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-593",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-593 Session Hijacking"
            }
          ]
        },
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.6,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-565",
              "description": "CWE-565 Reliance on Cookies without Validation and Integrity Checking",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-18T09:15:23.931Z",
        "orgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
        "shortName": "Zabbix"
      },
      "references": [
        {
          "url": "https://support.zabbix.com/browse/ZBX-23854"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Leak of zbx_session cookie when using a scheduled report that includes a dashboard with a URL widget.",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "72de3e22-0555-4a0d-ae81-9249e0f0a1e8",
    "assignerShortName": "Zabbix",
    "cveId": "CVE-2023-32725",
    "datePublished": "2023-12-18T09:15:23.931Z",
    "dateReserved": "2023-05-11T21:25:43.368Z",
    "dateUpdated": "2024-08-02T15:25:36.630Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-41084 (GCVE-0-2023-41084)
Vulnerability from cvelistv5
Published
2023-09-18 19:56
Modified
2024-08-02 18:46
Severity ?
CWE
  • CWE-565 - Reliance on Cookies without Validation and Integrity Checking
Summary
Session management within the web application is incorrect and allows attackers to steal session cookies to perform a multitude of actions that the web app allows on the device.
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:socomec:modulys_gp_firmware:01.12.10:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "modulys_gp_firmware",
            "vendor": "socomec",
            "versions": [
              {
                "status": "affected",
                "version": "01.12.10"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-41084",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-11T19:22:57.109362Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-11T19:25:52.186Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T18:46:11.684Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-03"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "MODULYS GP (MOD3GP-SY-120K)",
          "vendor": "Socomec",
          "versions": [
            {
              "status": "affected",
              "version": "v01.12.10"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Aar\u00f3n Flecha Men\u00e9ndez reported these vulnerabilities to CISA."
        }
      ],
      "datePublic": "2023-09-07T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSession management within the web application is incorrect and allows attackers to steal session cookies to perform a multitude of actions that the web app allows on the device.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e\n\n"
            }
          ],
          "value": "\n\n\n\n\n\n\n\n\n\n\nSession management within the web application is incorrect and allows attackers to steal session cookies to perform a multitude of actions that the web app allows on the device.\n\n\n\n\n\n\n\n\n\n\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-565",
              "description": "CWE-565 Reliance on Cookies without Validation and Integrity Checking",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-18T19:56:27.267Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-250-03"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSocomec reports that MODULYS GP (MOD3GP-SY-120K) is an End-of-Life product. Socomec recommends using MODULYS GP2 (M4-S-XXX) instead. MODULYS GP2 (M4-S-XXX) is not affected by the above vulnerabilities.\u003c/span\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "\nSocomec reports that MODULYS GP (MOD3GP-SY-120K) is an End-of-Life product. Socomec recommends using MODULYS GP2 (M4-S-XXX) instead. MODULYS GP2 (M4-S-XXX) is not affected by the above vulnerabilities.\n\n\n"
        }
      ],
      "source": {
        "advisory": "ICSA-23-250-03",
        "discovery": "EXTERNAL"
      },
      "tags": [
        "unsupported-when-assigned"
      ],
      "title": "Socomec MOD3GP-SY-120K Reliance on Cookies without Validation and Integrity Checking",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2023-41084",
    "datePublished": "2023-09-18T19:56:27.267Z",
    "dateReserved": "2023-09-06T15:41:16.509Z",
    "dateUpdated": "2024-08-02T18:46:11.684Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-45128 (GCVE-0-2023-45128)
Vulnerability from cvelistv5
Published
2023-10-16 20:45
Modified
2024-09-16 14:23
Severity ?
CWE
  • CWE-20 - Improper Input Validation
  • CWE-352 - Cross-Site Request Forgery (CSRF)
  • CWE-565 - Reliance on Cookies without Validation and Integrity Checking
  • CWE-807 - Reliance on Untrusted Inputs in a Security Decision
Summary
Fiber is an express inspired web framework written in Go. A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the application, which allows an attacker to inject arbitrary values and forge malicious requests on behalf of a user. This vulnerability can allow an attacker to inject arbitrary values without any authentication, or perform various malicious actions on behalf of an authenticated user, potentially compromising the security and integrity of the application. The vulnerability is caused by improper validation and enforcement of CSRF tokens within the application. This issue has been addressed in version 2.50.0 and users are advised to upgrade. Users should take additional security measures like captchas or Two-Factor Authentication (2FA) and set Session cookies with SameSite=Lax or SameSite=Secure, and the Secure and HttpOnly attributes as defense in depth measures. There are no known workarounds for this vulnerability.
Impacted products
Vendor Product Version
gofiber fiber Version: < 2.50.0
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T20:14:18.999Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/gofiber/fiber/security/advisories/GHSA-94w9-97p3-p368",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/gofiber/fiber/security/advisories/GHSA-94w9-97p3-p368"
          },
          {
            "name": "https://github.com/gofiber/fiber/commit/8c3916dbf4ad2ed427d02c6eb63ae8b2fa8f019a",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/gofiber/fiber/commit/8c3916dbf4ad2ed427d02c6eb63ae8b2fa8f019a"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-45128",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-16T14:23:34.651707Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-16T14:23:48.099Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "fiber",
          "vendor": "gofiber",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.50.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Fiber is an express inspired web framework written in Go. A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the application, which allows an attacker to inject arbitrary values and forge malicious requests on behalf of a user. This vulnerability can allow an attacker to inject arbitrary values without any authentication, or perform various malicious actions on behalf of an authenticated user, potentially compromising the security and integrity of the application. The vulnerability is caused by improper validation and enforcement of CSRF tokens within the application. This issue has been addressed in version 2.50.0 and users are advised to upgrade. Users should take additional security measures like captchas or Two-Factor Authentication (2FA) and set Session cookies with SameSite=Lax or SameSite=Secure, and the Secure and HttpOnly attributes as defense in depth measures. There are no known workarounds for this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-352",
              "description": "CWE-352: Cross-Site Request Forgery (CSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-565",
              "description": "CWE-565: Reliance on Cookies without Validation and Integrity Checking",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-807",
              "description": "CWE-807: Reliance on Untrusted Inputs in a Security Decision",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-16T20:46:19.342Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/gofiber/fiber/security/advisories/GHSA-94w9-97p3-p368",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/gofiber/fiber/security/advisories/GHSA-94w9-97p3-p368"
        },
        {
          "name": "https://github.com/gofiber/fiber/commit/8c3916dbf4ad2ed427d02c6eb63ae8b2fa8f019a",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/gofiber/fiber/commit/8c3916dbf4ad2ed427d02c6eb63ae8b2fa8f019a"
        }
      ],
      "source": {
        "advisory": "GHSA-94w9-97p3-p368",
        "discovery": "UNKNOWN"
      },
      "title": "CSRF Token Reuse Vulnerability in fiber"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-45128",
    "datePublished": "2023-10-16T20:45:07.068Z",
    "dateReserved": "2023-10-04T16:02:46.327Z",
    "dateUpdated": "2024-09-16T14:23:48.099Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation

Phase: Architecture and Design

Description:

  • Avoid using cookie data for a security-related decision.
Mitigation

Phase: Implementation

Description:

  • Perform thorough input validation (i.e.: server side validation) on the cookie data if you're going to use it for a security related decision.
Mitigation

Phase: Architecture and Design

Description:

  • Add integrity checks to detect tampering.
Mitigation

Phase: Architecture and Design

Description:

  • Protect critical cookies from replay attacks, since cross-site scripting or other attacks may allow attackers to steal a strongly-encrypted cookie that also passes integrity checks. This mitigation applies to cookies that should only be valid during a single transaction or session. By enforcing timeouts, you may limit the scope of an attack. As part of your integrity check, use an unpredictable, server-side value that is not exposed to the client.
CAPEC-226: Session Credential Falsification through Manipulation

An attacker manipulates an existing credential in order to gain access to a target application. Session credentials allow users to identify themselves to a service after an initial authentication without needing to resend the authentication information (usually a username and password) with every message. An attacker may be able to manipulate a credential sniffed from an existing connection in order to gain access to a target server.

CAPEC-31: Accessing/Intercepting/Modifying HTTP Cookies

This attack relies on the use of HTTP Cookies to store credentials, state information and other critical data on client systems. There are several different forms of this attack. The first form of this attack involves accessing HTTP Cookies to mine for potentially sensitive data contained therein. The second form involves intercepting this data as it is transmitted from client to server. This intercepted information is then used by the adversary to impersonate the remote user/session. The third form is when the cookie's content is modified by the adversary before it is sent back to the server. Here the adversary seeks to convince the target server to operate on this falsified information.

CAPEC-39: Manipulating Opaque Client-based Data Tokens

In circumstances where an application holds important data client-side in tokens (cookies, URLs, data files, and so forth) that data can be manipulated. If client or server-side application components reinterpret that data as authentication tokens or data (such as store item pricing or wallet information) then even opaquely manipulating that data may bear fruit for an Attacker. In this pattern an attacker undermines the assumption that client side tokens have been adequately protected from tampering through use of encryption or obfuscation.

Back to CWE stats page