{"containers": {"cna": {"affected": [{"product": "october", "vendor": "octobercms", "versions": [{"status": "affected", "version": "< 1.0.468"}]}], "descriptions": [{"lang": "en", "value": "In OctoberCMS before version 1.0.468, encrypted cookie values were not tied to the name of the cookie the value belonged to. This meant that certain classes of attacks that took advantage of other theoretical vulnerabilities in user facing code (nothing exploitable in the core project itself) had a higher chance of succeeding. Specifically, if your usage exposed a way for users to provide unfiltered user input and have it returned to them as an encrypted cookie (ex. storing a user provided search query in a cookie) they could then use the generated cookie in place of other more tightly controlled cookies; or if your usage exposed the plaintext version of an encrypted cookie at any point to the user they could theoretically provide encrypted content from your application back to it as an encrypted cookie and force the framework to decrypt it for them. Issue has been fixed in build 468 (v1.0.468)."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-565", "description": "{\"CWE-565\":\"Reliance on Cookies without Validation and Integrity Checking\"}", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-07-31T17:45:20", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/octobercms/october/security/advisories/GHSA-55mm-5399-7r63"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/octobercms/library/pull/508"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/octobercms/library/commit/28310d4fb336a1741b39498f4474497644a6875c"}], "source": {"advisory": "GHSA-55mm-5399-7r63", "discovery": "UNKNOWN"}, "title": "Reliance on Cookies without validation in OctoberCMS", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-15128", "STATE": "PUBLIC", "TITLE": "Reliance on Cookies without validation in OctoberCMS"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "october", "version": {"version_data": [{"version_value": "< 1.0.468"}]}}]}, "vendor_name": "octobercms"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In OctoberCMS before version 1.0.468, encrypted cookie values were not tied to the name of the cookie the value belonged to. This meant that certain classes of attacks that took advantage of other theoretical vulnerabilities in user facing code (nothing exploitable in the core project itself) had a higher chance of succeeding. Specifically, if your usage exposed a way for users to provide unfiltered user input and have it returned to them as an encrypted cookie (ex. storing a user provided search query in a cookie) they could then use the generated cookie in place of other more tightly controlled cookies; or if your usage exposed the plaintext version of an encrypted cookie at any point to the user they could theoretically provide encrypted content from your application back to it as an encrypted cookie and force the framework to decrypt it for them. Issue has been fixed in build 468 (v1.0.468)."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "{\"CWE-565\":\"Reliance on Cookies without Validation and Integrity Checking\"}"}]}]}, "references": {"reference_data": [{"name": "https://github.com/octobercms/october/security/advisories/GHSA-55mm-5399-7r63", "refsource": "CONFIRM", "url": "https://github.com/octobercms/october/security/advisories/GHSA-55mm-5399-7r63"}, {"name": "https://github.com/octobercms/library/pull/508", "refsource": "MISC", "url": "https://github.com/octobercms/library/pull/508"}, {"name": "https://github.com/octobercms/library/commit/28310d4fb336a1741b39498f4474497644a6875c", "refsource": "MISC", "url": "https://github.com/octobercms/library/commit/28310d4fb336a1741b39498f4474497644a6875c"}]}, "source": {"advisory": "GHSA-55mm-5399-7r63", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T13:08:22.316Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/octobercms/october/security/advisories/GHSA-55mm-5399-7r63"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/octobercms/library/pull/508"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/octobercms/library/commit/28310d4fb336a1741b39498f4474497644a6875c"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2020-15128", "datePublished": "2020-07-31T17:45:20", "dateReserved": "2020-06-25T00:00:00", "dateUpdated": "2024-08-04T13:08:22.316Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:octobercms:october:*:*:*:*:*:*:*:*", "matchCriteriaId": "63415731-A650-4848-8402-76F1E60C608C", "versionEndExcluding": "1.0.468", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In OctoberCMS before version 1.0.468, encrypted cookie values were not tied to the name of the cookie the value belonged to. This meant that certain classes of attacks that took advantage of other theoretical vulnerabilities in user facing code (nothing exploitable in the core project itself) had a higher chance of succeeding. Specifically, if your usage exposed a way for users to provide unfiltered user input and have it returned to them as an encrypted cookie (ex. storing a user provided search query in a cookie) they could then use the generated cookie in place of other more tightly controlled cookies; or if your usage exposed the plaintext version of an encrypted cookie at any point to the user they could theoretically provide encrypted content from your application back to it as an encrypted cookie and force the framework to decrypt it for them. Issue has been fixed in build 468 (v1.0.468)."}, {"lang": "es", "value": "En OctoberCMS versiones anteriores a 1.0.468, los valores de cookies cifrados no estaban enlazados al nombre de la cookie a la que pertenec\u00eda el valor. Esto significaba que determinadas clases de ataques que toman ventaja a otras vulnerabilidades te\u00f3ricas en el c\u00f3digo de usuario (nada explotable en el proyecto central en s\u00ed) ten\u00edan una mayor oportunidad de \u00e9xito. Espec\u00edficamente, si su uso expuso una forma para que los usuarios proporcionen informaci\u00f3n de usuario sin filtrar y que se la devuelva como una cookie cifrada (por ejemplo, almacenando una consulta de b\u00fasqueda proporcionada por el usuario en una cookie), podr\u00edan usar la cookie generada en lugar de otras cookies estrictamente controladas; o si su uso expuso la versi\u00f3n de texto plano de una cookie cifrada en alg\u00fan momento al usuario, te\u00f3ricamente podr\u00edan proporcionarle contenido cifrado de su aplicaci\u00f3n como cookie cifrada y forzar al framework a descifrarla. El problema ha sido corregido en el build 468 (versi\u00f3n v1.0.468)"}], "id": "CVE-2020-15128", "lastModified": "2024-11-21T05:04:54.157", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 4.0, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-07-31T18:15:14.350", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/octobercms/library/commit/28310d4fb336a1741b39498f4474497644a6875c"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/octobercms/library/pull/508"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/octobercms/october/security/advisories/GHSA-55mm-5399-7r63"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/octobercms/library/commit/28310d4fb336a1741b39498f4474497644a6875c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/octobercms/library/pull/508"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/octobercms/october/security/advisories/GHSA-55mm-5399-7r63"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-565"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-327"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}