CVE-2023-31135 - Vulnerability Details

Vendors	Products
Dgraph	Dgraph

Link	Providers
https://en.wikipedia.org/wiki/Cryptographic_nonce
https://github.com/dgraph-io/dgraph/pull/8323
https://github.com/dgraph-io/dgraph/security/advisories/GHSA-92wq-q9pq-gw47

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-31135", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-04-24T21:44:10.416Z", "datePublished": "2023-05-17T17:04:52.138Z", "dateUpdated": "2024-08-02T14:45:25.887Z"}, "containers": {"cna": {"title": "Dgraph Audit Log Encryption nonce reuse", "problemTypes": [{"descriptions": [{"cweId": "CWE-326", "lang": "en", "description": "CWE-326: Inadequate Encryption Strength", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/dgraph-io/dgraph/security/advisories/GHSA-92wq-q9pq-gw47", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/dgraph-io/dgraph/security/advisories/GHSA-92wq-q9pq-gw47"}, {"name": "https://github.com/dgraph-io/dgraph/pull/8323", "tags": ["x_refsource_MISC"], "url": "https://github.com/dgraph-io/dgraph/pull/8323"}, {"name": "https://en.wikipedia.org/wiki/Cryptographic_nonce", "tags": ["x_refsource_MISC"], "url": "https://en.wikipedia.org/wiki/Cryptographic_nonce"}], "affected": [{"vendor": "dgraph-io", "product": "dgraph", "versions": [{"version": "< 23.0.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-05-17T17:04:52.138Z"}, "descriptions": [{"lang": "en", "value": "Dgraph is an open source distributed GraphQL database. Existing Dgraph audit logs are vulnerable to brute force attacks due to nonce collisions. The first 12 bytes come from a baseIv which is initialized when an audit log is created. The last 4 bytes come from the length of the log line being encrypted. This is problematic because two log lines will often have the same length, so due to these collisions we are reusing the same nonce many times. All audit logs generated by versions of Dgraph <v23.0.0 are affected. Attackers must have access to the system the logs are stored on. Dgraph users should upgrade to v23.0.0. Users unable to upgrade should store existing audit logs in a secure location and for extra security, encrypt using an external tool like `gpg`."}], "source": {"advisory": "GHSA-92wq-q9pq-gw47", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T14:45:25.887Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/dgraph-io/dgraph/security/advisories/GHSA-92wq-q9pq-gw47", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/dgraph-io/dgraph/security/advisories/GHSA-92wq-q9pq-gw47"}, {"name": "https://github.com/dgraph-io/dgraph/pull/8323", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/dgraph-io/dgraph/pull/8323"}, {"name": "https://en.wikipedia.org/wiki/Cryptographic_nonce", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://en.wikipedia.org/wiki/Cryptographic_nonce"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dgraph:dgraph:*:*:*:*:*:go:*:*", "matchCriteriaId": "662699FF-8150-4D0E-817D-431360751CCF", "versionEndExcluding": "23.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Dgraph is an open source distributed GraphQL database. Existing Dgraph audit logs are vulnerable to brute force attacks due to nonce collisions. The first 12 bytes come from a baseIv which is initialized when an audit log is created. The last 4 bytes come from the length of the log line being encrypted. This is problematic because two log lines will often have the same length, so due to these collisions we are reusing the same nonce many times. All audit logs generated by versions of Dgraph <v23.0.0 are affected. Attackers must have access to the system the logs are stored on. Dgraph users should upgrade to v23.0.0. Users unable to upgrade should store existing audit logs in a secure location and for extra security, encrypt using an external tool like `gpg`."}], "id": "CVE-2023-31135", "lastModified": "2024-11-21T08:01:27.880", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "[email protected]", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "[email protected]", "type": "Primary"}]}, "published": "2023-05-17T18:15:09.437", "references": [{"source": "[email protected]", "tags": ["Technical Description"], "url": "https://en.wikipedia.org/wiki/Cryptographic_nonce"}, {"source": "[email protected]", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/dgraph-io/dgraph/pull/8323"}, {"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "https://github.com/dgraph-io/dgraph/security/advisories/GHSA-92wq-q9pq-gw47"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Technical Description"], "url": "https://en.wikipedia.org/wiki/Cryptographic_nonce"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/dgraph-io/dgraph/pull/8323"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://github.com/dgraph-io/dgraph/security/advisories/GHSA-92wq-q9pq-gw47"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-326"}], "source": "[email protected]", "type": "Secondary"}]}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object