cvelistv5 - CVE-2022-23655

CVE-2022-23655 (GCVE-0-2022-23655)

Vulnerability from cvelistv5

Published

2022-02-23 23:30

Modified

2025-04-23 19:00

Severity ?

4.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

CWE

CWE-347 - Improper Verification of Cryptographic Signature

Summary

Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. Affected versions of OctoberCMS did not validate gateway server signatures. As a result non-authoritative gateway servers may be used to exfiltrate user private keys. Users are advised to upgrade their installations to build 474 or v1.1.10. The only known workaround is to manually apply the patch (e3b455ad587282f0fbcb7763c6d9c3d000ca1e6a) which adds server signature validation.

References

►

URL

Tags

security-advisories@github.com	https://github.com/octobercms/october/commit/e3b455ad587282f0fbcb7763c6d9c3d000ca1e6a	Patch, Third Party Advisory
security-advisories@github.com	https://github.com/octobercms/october/security/advisories/GHSA-53m6-44rc-h2q5	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/octobercms/october/commit/e3b455ad587282f0fbcb7763c6d9c3d000ca1e6a	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/octobercms/october/security/advisories/GHSA-53m6-44rc-h2q5	Patch, Third Party Advisory

Impacted products

	Vendor	Product	Version
	octobercms	october	Version: >= 1.1.0, < 1.1.11 Version: < 1.0.475

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:51:44.208Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/octobercms/october/security/advisories/GHSA-53m6-44rc-h2q5"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/octobercms/october/commit/e3b455ad587282f0fbcb7763c6d9c3d000ca1e6a"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-23655",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T14:10:01.049902Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-23T19:00:46.105Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "october",
          "vendor": "octobercms",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 1.1.0, \u003c 1.1.11"
            },
            {
              "status": "affected",
              "version": "\u003c 1.0.475"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. Affected versions of OctoberCMS did not validate gateway server signatures. As a result non-authoritative gateway servers may be used to exfiltrate user private keys. Users are advised to upgrade their installations to build 474 or v1.1.10. The only known workaround is to manually apply the patch (e3b455ad587282f0fbcb7763c6d9c3d000ca1e6a) which adds server signature validation."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-347",
              "description": "CWE-347: Improper Verification of Cryptographic Signature",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-02-23T23:30:09.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/octobercms/october/security/advisories/GHSA-53m6-44rc-h2q5"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/octobercms/october/commit/e3b455ad587282f0fbcb7763c6d9c3d000ca1e6a"
        }
      ],
      "source": {
        "advisory": "GHSA-53m6-44rc-h2q5",
        "discovery": "UNKNOWN"
      },
      "title": "Missing server signature validation in OctoberCMS",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2022-23655",
          "STATE": "PUBLIC",
          "TITLE": "Missing server signature validation in OctoberCMS"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "october",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003e= 1.1.0, \u003c 1.1.11"
                          },
                          {
                            "version_value": "\u003c 1.0.475"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "octobercms"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. Affected versions of OctoberCMS did not validate gateway server signatures. As a result non-authoritative gateway servers may be used to exfiltrate user private keys. Users are advised to upgrade their installations to build 474 or v1.1.10. The only known workaround is to manually apply the patch (e3b455ad587282f0fbcb7763c6d9c3d000ca1e6a) which adds server signature validation."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-347: Improper Verification of Cryptographic Signature"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/octobercms/october/security/advisories/GHSA-53m6-44rc-h2q5",
              "refsource": "CONFIRM",
              "url": "https://github.com/octobercms/october/security/advisories/GHSA-53m6-44rc-h2q5"
            },
            {
              "name": "https://github.com/octobercms/october/commit/e3b455ad587282f0fbcb7763c6d9c3d000ca1e6a",
              "refsource": "MISC",
              "url": "https://github.com/octobercms/october/commit/e3b455ad587282f0fbcb7763c6d9c3d000ca1e6a"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-53m6-44rc-h2q5",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-23655",
    "datePublished": "2022-02-23T23:30:09.000Z",
    "dateReserved": "2022-01-19T00:00:00.000Z",
    "dateUpdated": "2025-04-23T19:00:46.105Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-23655\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2022-02-24T00:15:07.507\",\"lastModified\":\"2024-11-21T06:49:01.930\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. Affected versions of OctoberCMS did not validate gateway server signatures. As a result non-authoritative gateway servers may be used to exfiltrate user private keys. Users are advised to upgrade their installations to build 474 or v1.1.10. The only known workaround is to manually apply the patch (e3b455ad587282f0fbcb7763c6d9c3d000ca1e6a) which adds server signature validation.\"},{\"lang\":\"es\",\"value\":\"Octobercms es una plataforma CMS auto-alojada basada en el framework PHP Laravel. Las versiones afectadas de OctoberCMS no comprueban las firmas del servidor de puerta de enlace. Como resultado, los servidores de puerta de enlace no autorizados pueden ser usados para exfiltrar las claves privadas de usuarios. Es recomendado a usuarios actualizar sus instalaciones a versi\u00f3n 474 o a versi\u00f3n v1.1.10. La \u00fanica medida de mitigaci\u00f3n conocida es aplicar manualmente el parche (e3b455ad587282f0fbcb7763c6d9c3d000ca1e6a) que a\u00f1ade la comprobaci\u00f3n de la firma del servidor\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N\",\"baseScore\":4.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.2,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.6,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:P/I:N/A:N\",\"baseScore\":2.6,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":4.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-347\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:octobercms:october:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.0.475\",\"matchCriteriaId\":\"42D784EC-AC13-4AE2-83D8-39C4170BCB7E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:octobercms:october:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.1.0\",\"versionEndExcluding\":\"1.1.11\",\"matchCriteriaId\":\"F871AD37-852B-4C7A-AC65-B0FD3938534C\"}]}]}],\"references\":[{\"url\":\"https://github.com/octobercms/october/commit/e3b455ad587282f0fbcb7763c6d9c3d000ca1e6a\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/octobercms/october/security/advisories/GHSA-53m6-44rc-h2q5\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/octobercms/october/commit/e3b455ad587282f0fbcb7763c6d9c3d000ca1e6a\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/octobercms/october/security/advisories/GHSA-53m6-44rc-h2q5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"affected\": [{\"product\": \"october\", \"vendor\": \"octobercms\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 1.1.0, \u003c 1.1.11\"}, {\"status\": \"affected\", \"version\": \"\u003c 1.0.475\"}]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. Affected versions of OctoberCMS did not validate gateway server signatures. As a result non-authoritative gateway servers may be used to exfiltrate user private keys. Users are advised to upgrade their installations to build 474 or v1.1.10. The only known workaround is to manually apply the patch (e3b455ad587282f0fbcb7763c6d9c3d000ca1e6a) which adds server signature validation.\"}], \"metrics\": [{\"cvssV3_1\": {\"attackComplexity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"availabilityImpact\": \"NONE\", \"baseScore\": 4.8, \"baseSeverity\": \"MEDIUM\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"scope\": \"UNCHANGED\", \"userInteraction\": \"REQUIRED\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N\", \"version\": \"3.1\"}}], \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-347\", \"description\": \"CWE-347: Improper Verification of Cryptographic Signature\", \"lang\": \"en\", \"type\": \"CWE\"}]}], \"providerMetadata\": {\"dateUpdated\": \"2022-02-23T23:30:09.000Z\", \"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\"}, \"references\": [{\"tags\": [\"x_refsource_CONFIRM\"], \"url\": \"https://github.com/octobercms/october/security/advisories/GHSA-53m6-44rc-h2q5\"}, {\"tags\": [\"x_refsource_MISC\"], \"url\": \"https://github.com/octobercms/october/commit/e3b455ad587282f0fbcb7763c6d9c3d000ca1e6a\"}], \"source\": {\"advisory\": \"GHSA-53m6-44rc-h2q5\", \"discovery\": \"UNKNOWN\"}, \"title\": \"Missing server signature validation in OctoberCMS\", \"x_legacyV4Record\": {\"CVE_data_meta\": {\"ASSIGNER\": \"security-advisories@github.com\", \"ID\": \"CVE-2022-23655\", \"STATE\": \"PUBLIC\", \"TITLE\": \"Missing server signature validation in OctoberCMS\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"product_name\": \"october\", \"version\": {\"version_data\": [{\"version_value\": \"\u003e= 1.1.0, \u003c 1.1.11\"}, {\"version_value\": \"\u003c 1.0.475\"}]}}]}, \"vendor_name\": \"octobercms\"}]}}, \"data_format\": \"MITRE\", \"data_type\": \"CVE\", \"data_version\": \"4.0\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. Affected versions of OctoberCMS did not validate gateway server signatures. As a result non-authoritative gateway servers may be used to exfiltrate user private keys. Users are advised to upgrade their installations to build 474 or v1.1.10. The only known workaround is to manually apply the patch (e3b455ad587282f0fbcb7763c6d9c3d000ca1e6a) which adds server signature validation.\"}]}, \"impact\": {\"cvss\": {\"attackComplexity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"availabilityImpact\": \"NONE\", \"baseScore\": 4.8, \"baseSeverity\": \"MEDIUM\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"scope\": \"UNCHANGED\", \"userInteraction\": \"REQUIRED\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N\", \"version\": \"3.1\"}}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-347: Improper Verification of Cryptographic Signature\"}]}]}, \"references\": {\"reference_data\": [{\"name\": \"https://github.com/octobercms/october/security/advisories/GHSA-53m6-44rc-h2q5\", \"refsource\": \"CONFIRM\", \"url\": \"https://github.com/octobercms/october/security/advisories/GHSA-53m6-44rc-h2q5\"}, {\"name\": \"https://github.com/octobercms/october/commit/e3b455ad587282f0fbcb7763c6d9c3d000ca1e6a\", \"refsource\": \"MISC\", \"url\": \"https://github.com/octobercms/october/commit/e3b455ad587282f0fbcb7763c6d9c3d000ca1e6a\"}]}, \"source\": {\"advisory\": \"GHSA-53m6-44rc-h2q5\", \"discovery\": \"UNKNOWN\"}}}, \"adp\": [{\"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T03:51:44.208Z\"}, \"title\": \"CVE Program Container\", \"references\": [{\"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"], \"url\": \"https://github.com/octobercms/october/security/advisories/GHSA-53m6-44rc-h2q5\"}, {\"tags\": [\"x_refsource_MISC\", \"x_transferred\"], \"url\": \"https://github.com/octobercms/october/commit/e3b455ad587282f0fbcb7763c6d9c3d000ca1e6a\"}]}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-23655\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-23T14:10:01.049902Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-23T14:10:02.408Z\"}}]}",
      "cveMetadata": "{\"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"assignerShortName\": \"GitHub_M\", \"cveId\": \"CVE-2022-23655\", \"datePublished\": \"2022-02-23T23:30:09.000Z\", \"dateReserved\": \"2022-01-19T00:00:00.000Z\", \"dateUpdated\": \"2025-04-23T19:00:46.105Z\", \"state\": \"PUBLISHED\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

fkie_cve-2022-23655

Vulnerability from fkie_nvd

Published

2022-02-24 00:15

Modified

2024-11-21 06:49

Severity ?

4.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
security-advisories@github.com	https://github.com/octobercms/october/commit/e3b455ad587282f0fbcb7763c6d9c3d000ca1e6a	Patch, Third Party Advisory
security-advisories@github.com	https://github.com/octobercms/october/security/advisories/GHSA-53m6-44rc-h2q5	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/octobercms/october/commit/e3b455ad587282f0fbcb7763c6d9c3d000ca1e6a	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/octobercms/october/security/advisories/GHSA-53m6-44rc-h2q5	Patch, Third Party Advisory

Impacted products

	Vendor	Product	Version
	octobercms	october	*
	octobercms	october	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:octobercms:october:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "42D784EC-AC13-4AE2-83D8-39C4170BCB7E",
              "versionEndExcluding": "1.0.475",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:octobercms:october:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F871AD37-852B-4C7A-AC65-B0FD3938534C",
              "versionEndExcluding": "1.1.11",
              "versionStartIncluding": "1.1.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. Affected versions of OctoberCMS did not validate gateway server signatures. As a result non-authoritative gateway servers may be used to exfiltrate user private keys. Users are advised to upgrade their installations to build 474 or v1.1.10. The only known workaround is to manually apply the patch (e3b455ad587282f0fbcb7763c6d9c3d000ca1e6a) which adds server signature validation."
    },
    {
      "lang": "es",
      "value": "Octobercms es una plataforma CMS auto-alojada basada en el framework PHP Laravel. Las versiones afectadas de OctoberCMS no comprueban las firmas del servidor de puerta de enlace. Como resultado, los servidores de puerta de enlace no autorizados pueden ser usados para exfiltrar las claves privadas de usuarios. Es recomendado a usuarios actualizar sus instalaciones a versi\u00f3n 474 o a versi\u00f3n v1.1.10. La \u00fanica medida de mitigaci\u00f3n conocida es aplicar manualmente el parche (e3b455ad587282f0fbcb7763c6d9c3d000ca1e6a) que a\u00f1ade la comprobaci\u00f3n de la firma del servidor"
    }
  ],
  "id": "CVE-2022-23655",
  "lastModified": "2024-11-21T06:49:01.930",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 3.6,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-02-24T00:15:07.507",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/octobercms/october/commit/e3b455ad587282f0fbcb7763c6d9c3d000ca1e6a"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/octobercms/october/security/advisories/GHSA-53m6-44rc-h2q5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/octobercms/october/commit/e3b455ad587282f0fbcb7763c6d9c3d000ca1e6a"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/octobercms/october/security/advisories/GHSA-53m6-44rc-h2q5"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-347"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}

ghsa-53m6-44rc-h2q5

Vulnerability from github

Published

2022-02-24 13:09

Modified

2022-03-08 18:23

Severity ?

4.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

Summary

Missing server signature validation in OctoberCMS

Details

Impact

This advisory affects authors of plugins and themes listed on the October CMS marketplace where an end-user will inadvertently expose authors to potential financial loss by entering their private license key into a compromised server.

It has been disclosed that a project fork of October CMS v1.0 is using a compromised gateway to access the October CMS marketplace service. The compromised gateway captures the personal/business information of users and authors, including private source code files. It was also disclosed that captured plugin files are freely redistributed to other users without authorization.

End-users are provided with a forked version of October CMS v1.0. The provided software is modified to use a compromised gateway server.
The user is instructed to enter their October CMS license key into the administration panel to access the October CMS marketplace. The key is sent to the compromised server while appearing to access the genuine October CMS gateway server.
The compromised gateway server uses a "man in the middle" mechanism that captures information while forwarding the request to the genuine October CMS gateway and relaying the response back to the client.
The compromised gateway server stores the license key and other information about the user account including client name, email address and contents of purchased plugins and privately uploaded plugin files.
The stored plugin files are made available to other users of the compromised gateway server.

Patches

The issue has been patched in Build 475 (v1.0.475) and v1.1.11.

Workarounds

Apply https://github.com/octobercms/october/commit/e3b455ad587282f0fbcb7763c6d9c3d000ca1e6a to your installation manually if unable to upgrade to Build 475 or v1.1.11.

Recommendations

We recommend the following steps to make sure your account information stays secure:

Do not share your license key with anyone except October CMS.
Check to make sure that your gateway update server has not been modified.
Be aware of phishing websites, including other platforms that use the same appearance.
For authors, you may contact us for help requesting the removal of affected plugins.
Before providing plugin support, verify that the user holds a legitimate copy of the plugin.

References

Credits for research on this exploit: • Nikita Khaetsky

For more information

If you have any questions or comments about this advisory: * Email us at hello@octobercms.com

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "october/system"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.1.0"
            },
            {
              "fixed": "1.1.11"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "october/system"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.0.475"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-23655"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-02-24T13:09:30Z",
    "nvd_published_at": "2022-02-24T00:15:00Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\nThis advisory affects authors of plugins and themes listed on the October CMS marketplace where an end-user will inadvertently expose authors to potential financial loss by entering their private license key into a compromised server.\n\nIt has been disclosed that a project fork of October CMS v1.0 is using a compromised gateway to access the October CMS marketplace service. The compromised gateway captures the personal/business information of users and authors, including private source code files. It was also disclosed that captured plugin files are freely redistributed to other users without authorization.\n\n1. End-users are provided with a forked version of October CMS v1.0. The provided software is modified to use a compromised gateway server.\n\n2. The user is instructed to enter their October CMS license key into the administration panel to access the October CMS marketplace. The key is sent to the compromised server while appearing to access the genuine October CMS gateway server.\n\n3. The compromised gateway server uses a \"man in the middle\" mechanism that captures information while forwarding the request to the genuine October CMS gateway and relaying the response back to the client.\n\n4. The compromised gateway server stores the license key and other information about the user account including client name, email address and contents of purchased plugins and privately uploaded plugin files. \n\n5. The stored plugin files are made available to other users of the compromised gateway server.\n\n### Patches\n\nThe issue has been patched in Build 475 (v1.0.475) and v1.1.11.\n\n### Workarounds\n\nApply https://github.com/octobercms/october/commit/e3b455ad587282f0fbcb7763c6d9c3d000ca1e6a to your installation manually if unable to upgrade to Build 475 or v1.1.11.\n\n### Recommendations\n\nWe recommend the following steps to make sure your account information stays secure:\n\n- Do not share your license key with anyone except October CMS.\n- Check to make sure that your gateway update server has not been modified.\n- Be aware of phishing websites, including other platforms that use the same appearance.\n- For authors, you may contact us for help requesting the removal of affected plugins.\n- Before providing plugin support, verify that the user holds a legitimate copy of the plugin.\n\n### References\n\nCredits for research on this exploit:\n\u2022 Nikita Khaetsky\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n* Email us at [hello@octobercms.com](mailto:hello@octobercms.com)",
  "id": "GHSA-53m6-44rc-h2q5",
  "modified": "2022-03-08T18:23:38Z",
  "published": "2022-02-24T13:09:30Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/octobercms/october/security/advisories/GHSA-53m6-44rc-h2q5"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23655"
    },
    {
      "type": "WEB",
      "url": "https://github.com/octobercms/october/commit/e3b455ad587282f0fbcb7763c6d9c3d000ca1e6a"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/octobercms/october"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Missing server signature validation in OctoberCMS"
}

gsd-2022-23655

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2022-23655

Aliases

CVE-2022-23655

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-23655",
    "description": "Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. Affected versions of OctoberCMS did not validate gateway server signatures. As a result non-authoritative gateway servers may be used to exfiltrate user private keys. Users are advised to upgrade their installations to build 474 or v1.1.10. The only known workaround is to manually apply the patch (e3b455ad587282f0fbcb7763c6d9c3d000ca1e6a) which adds server signature validation.",
    "id": "GSD-2022-23655"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-23655"
      ],
      "details": "Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. Affected versions of OctoberCMS did not validate gateway server signatures. As a result non-authoritative gateway servers may be used to exfiltrate user private keys. Users are advised to upgrade their installations to build 474 or v1.1.10. The only known workaround is to manually apply the patch (e3b455ad587282f0fbcb7763c6d9c3d000ca1e6a) which adds server signature validation.",
      "id": "GSD-2022-23655",
      "modified": "2023-12-13T01:19:34.923576Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2022-23655",
        "STATE": "PUBLIC",
        "TITLE": "Missing server signature validation in OctoberCMS"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "october",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "\u003e= 1.1.0, \u003c 1.1.11"
                        },
                        {
                          "version_value": "\u003c 1.0.475"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "octobercms"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. Affected versions of OctoberCMS did not validate gateway server signatures. As a result non-authoritative gateway servers may be used to exfiltrate user private keys. Users are advised to upgrade their installations to build 474 or v1.1.10. The only known workaround is to manually apply the patch (e3b455ad587282f0fbcb7763c6d9c3d000ca1e6a) which adds server signature validation."
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-347: Improper Verification of Cryptographic Signature"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/octobercms/october/security/advisories/GHSA-53m6-44rc-h2q5",
            "refsource": "CONFIRM",
            "url": "https://github.com/octobercms/october/security/advisories/GHSA-53m6-44rc-h2q5"
          },
          {
            "name": "https://github.com/octobercms/october/commit/e3b455ad587282f0fbcb7763c6d9c3d000ca1e6a",
            "refsource": "MISC",
            "url": "https://github.com/octobercms/october/commit/e3b455ad587282f0fbcb7763c6d9c3d000ca1e6a"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-53m6-44rc-h2q5",
        "discovery": "UNKNOWN"
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003c1.0.475||\u003e=1.1.0,\u003c1.1.11",
          "affected_versions": "All versions before 1.0.475, all versions starting from 1.1.0 before 1.1.11",
          "cvss_v2": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
          "cvss_v3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-347",
            "CWE-937"
          ],
          "date": "2022-03-07",
          "description": "Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. Affected versions of OctoberCMS does not validate gateway server signatures. As a result non-authoritative gateway servers may be used to exfiltrate user private keys.",
          "fixed_versions": [
            "1.0.475",
            "1.1.11"
          ],
          "identifier": "CVE-2022-23655",
          "identifiers": [
            "CVE-2022-23655",
            "GHSA-53m6-44rc-h2q5"
          ],
          "not_impacted": "All versions starting from 1.0.475 before 1.1.0, all versions starting from 1.1.11",
          "package_slug": "packagist/october/october",
          "pubdate": "2022-02-24",
          "solution": "Upgrade to versions 1.0.475, 1.1.11 or above.",
          "title": "Improper Verification of Cryptographic Signature",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2022-23655",
            "https://github.com/octobercms/october/commit/e3b455ad587282f0fbcb7763c6d9c3d000ca1e6a",
            "https://github.com/octobercms/october/security/advisories/GHSA-53m6-44rc-h2q5"
          ],
          "uuid": "baf455a1-6139-4b21-b240-c5472008075b"
        },
        {
          "affected_range": "\u003e=1.1.0,\u003c1.1.11||\u003c1.0.475",
          "affected_versions": "All versions starting from 1.1.0 before 1.1.11, all versions before 1.0.475",
          "cwe_ids": [
            "CWE-1035",
            "CWE-347",
            "CWE-937"
          ],
          "date": "2022-02-26",
          "description": "Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. Affected versions of OctoberCMS does not validate gateway server signatures. As a result non-authoritative gateway servers may be used to exfiltrate user private keys. Users are advised to upgrade their installations to build 474 or v1.1.10. The only known workaround is to manually apply the patch (e3b455ad587282f0fbcb7763c6d9c3d000ca1e6a) which adds server signature validation.",
          "fixed_versions": [
            "1.0.475"
          ],
          "identifier": "CVE-2022-23655",
          "identifiers": [
            "GHSA-53m6-44rc-h2q5",
            "CVE-2022-23655"
          ],
          "not_impacted": "All versions before 1.1.0, all versions starting from 1.0.475 before 1.1.11",
          "package_slug": "packagist/october/system",
          "pubdate": "2022-02-24",
          "solution": "Upgrade to version 1.0.475 or above.",
          "title": "Improper Verification of Cryptographic Signature",
          "urls": [
            "https://github.com/octobercms/october/security/advisories/GHSA-53m6-44rc-h2q5",
            "https://github.com/octobercms/october/commit/e3b455ad587282f0fbcb7763c6d9c3d000ca1e6a",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-23655",
            "https://github.com/advisories/GHSA-53m6-44rc-h2q5"
          ],
          "uuid": "ea26f51c-407f-4fa1-b993-d13333d64f05"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:octobercms:october:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.0.475",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:octobercms:october:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.1.11",
                "versionStartIncluding": "1.1.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2022-23655"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. Affected versions of OctoberCMS did not validate gateway server signatures. As a result non-authoritative gateway servers may be used to exfiltrate user private keys. Users are advised to upgrade their installations to build 474 or v1.1.10. The only known workaround is to manually apply the patch (e3b455ad587282f0fbcb7763c6d9c3d000ca1e6a) which adds server signature validation."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-347"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/octobercms/october/commit/e3b455ad587282f0fbcb7763c6d9c3d000ca1e6a",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/octobercms/october/commit/e3b455ad587282f0fbcb7763c6d9c3d000ca1e6a"
            },
            {
              "name": "https://github.com/octobercms/october/security/advisories/GHSA-53m6-44rc-h2q5",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/octobercms/october/security/advisories/GHSA-53m6-44rc-h2q5"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 2.6,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 4.9,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 1.6,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2022-03-07T17:15Z",
      "publishedDate": "2022-02-24T00:15Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2022-23655 (GCVE-0-2022-23655)

Vulnerability from cvelistv5

fkie_cve-2022-23655

Vulnerability from fkie_nvd

ghsa-53m6-44rc-h2q5

Vulnerability from github

Impact

Patches

Workarounds

Recommendations

References

For more information

gsd-2022-23655

Vulnerability from gsd

Tags

Sightings

Nomenclature