CVE-2023-37268 - Vulnerability Details - OpenCVE

ReportizFlow

Warpgate is an SSH, HTTPS and MySQL bastion host for Linux that doesn't need special client apps. When logging in as a user with SSO enabled an attacker may authenticate as an other user. Any user account which does not have a second factor enabled could be compromised. This issue has been addressed in commit `8173f6512a` and in releases starting with version 0.7.3. Users are advised to upgrade. Users unable to upgrade should require their users to use a second factor in authentication.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact total

Vendors	Products
Warpgate Project	Warpgate

Configuration 1 [-]

cpe:2.3:a:warpgate_project:warpgate:0.7.2:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/warp-tech/warpgate/commit/8173f6512ab6183fa5edc5c9a5f3760b8979271e
https://github.com/warp-tech/warpgate/security/advisories/GHSA-868r-97g5-r9g4

History

Fri, 18 Oct 2024 18:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:a:warpgate_project:warpgate::::::::
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-07-14T21:02:00.786Z

Updated: 2024-10-18T17:41:24.928Z

Reserved: 2023-06-29T19:35:26.438Z

Link: CVE-2023-37268

Vulnrichment

Updated: 2024-08-02T17:09:33.241Z

NVD

Status : Modified

Published: 2023-07-14T22:15:09.317

Modified: 2024-11-21T08:11:21.493

Link: CVE-2023-37268

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-37268", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-06-29T19:35:26.438Z", "datePublished": "2023-07-14T21:02:00.786Z", "dateUpdated": "2024-10-18T17:41:24.928Z"}, "containers": {"cna": {"title": "User login confusion with SSO in warpgate", "problemTypes": [{"descriptions": [{"cweId": "CWE-287", "lang": "en", "description": "CWE-287: Improper Authentication", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/warp-tech/warpgate/security/advisories/GHSA-868r-97g5-r9g4", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/warp-tech/warpgate/security/advisories/GHSA-868r-97g5-r9g4"}, {"name": "https://github.com/warp-tech/warpgate/commit/8173f6512ab6183fa5edc5c9a5f3760b8979271e", "tags": ["x_refsource_MISC"], "url": "https://github.com/warp-tech/warpgate/commit/8173f6512ab6183fa5edc5c9a5f3760b8979271e"}], "affected": [{"vendor": "warp-tech", "product": "warpgate", "versions": [{"version": "< 0.7.3", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-07-14T21:02:00.786Z"}, "descriptions": [{"lang": "en", "value": "Warpgate is an SSH, HTTPS and MySQL bastion host for Linux that doesn't need special client apps. When logging in as a user with SSO enabled an attacker may authenticate as an other user. Any user account which does not have a second factor enabled could be compromised. This issue has been addressed in commit `8173f6512a` and in releases starting with version 0.7.3. Users are advised to upgrade. Users unable to upgrade should require their users to use a second factor in authentication."}], "source": {"advisory": "GHSA-868r-97g5-r9g4", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:09:33.241Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/warp-tech/warpgate/security/advisories/GHSA-868r-97g5-r9g4", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/warp-tech/warpgate/security/advisories/GHSA-868r-97g5-r9g4"}, {"name": "https://github.com/warp-tech/warpgate/commit/8173f6512ab6183fa5edc5c9a5f3760b8979271e", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/warp-tech/warpgate/commit/8173f6512ab6183fa5edc5c9a5f3760b8979271e"}]}, {"affected": [{"vendor": "warpgate_project", "product": "warpgate", "cpes": ["cpe:2.3:a:warpgate_project:warpgate:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "0.7.3", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-18T17:30:49.816727Z", "id": "CVE-2023-37268", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-18T17:41:24.928Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/warp-tech/warpgate/security/advisories/GHSA-868r-97g5-r9g4", "name": "https://github.com/warp-tech/warpgate/security/advisories/GHSA-868r-97g5-r9g4", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/warp-tech/warpgate/commit/8173f6512ab6183fa5edc5c9a5f3760b8979271e", "name": "https://github.com/warp-tech/warpgate/commit/8173f6512ab6183fa5edc5c9a5f3760b8979271e", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:09:33.241Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-37268", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-18T17:30:49.816727Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:warpgate_project:warpgate:*:*:*:*:*:*:*:*"], "vendor": "warpgate_project", "product": "warpgate", "versions": [{"status": "affected", "version": "0", "lessThan": "0.7.3", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-18T17:41:19.693Z"}}], "cna": {"title": "User login confusion with SSO in warpgate", "source": {"advisory": "GHSA-868r-97g5-r9g4", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "warp-tech", "product": "warpgate", "versions": [{"status": "affected", "version": "< 0.7.3"}]}], "references": [{"url": "https://github.com/warp-tech/warpgate/security/advisories/GHSA-868r-97g5-r9g4", "name": "https://github.com/warp-tech/warpgate/security/advisories/GHSA-868r-97g5-r9g4", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/warp-tech/warpgate/commit/8173f6512ab6183fa5edc5c9a5f3760b8979271e", "name": "https://github.com/warp-tech/warpgate/commit/8173f6512ab6183fa5edc5c9a5f3760b8979271e", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Warpgate is an SSH, HTTPS and MySQL bastion host for Linux that doesn't need special client apps. When logging in as a user with SSO enabled an attacker may authenticate as an other user. Any user account which does not have a second factor enabled could be compromised. This issue has been addressed in commit `8173f6512a` and in releases starting with version 0.7.3. Users are advised to upgrade. Users unable to upgrade should require their users to use a second factor in authentication."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-287", "description": "CWE-287: Improper Authentication"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-07-14T21:02:00.786Z"}}}, "cveMetadata": {"cveId": "CVE-2023-37268", "state": "PUBLISHED", "dateUpdated": "2024-10-18T17:41:24.928Z", "dateReserved": "2023-06-29T19:35:26.438Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2023-07-14T21:02:00.786Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:warpgate_project:warpgate:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "4186EF0A-7EF9-4894-A349-580867C01F9A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Warpgate is an SSH, HTTPS and MySQL bastion host for Linux that doesn't need special client apps. When logging in as a user with SSO enabled an attacker may authenticate as an other user. Any user account which does not have a second factor enabled could be compromised. This issue has been addressed in commit `8173f6512a` and in releases starting with version 0.7.3. Users are advised to upgrade. Users unable to upgrade should require their users to use a second factor in authentication."}], "id": "CVE-2023-37268", "lastModified": "2024-11-21T08:11:21.493", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.2, "source": "[email protected]", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "[email protected]", "type": "Primary"}]}, "published": "2023-07-14T22:15:09.317", "references": [{"source": "[email protected]", "tags": ["Patch"], "url": "https://github.com/warp-tech/warpgate/commit/8173f6512ab6183fa5edc5c9a5f3760b8979271e"}, {"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "https://github.com/warp-tech/warpgate/security/advisories/GHSA-868r-97g5-r9g4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/warp-tech/warpgate/commit/8173f6512ab6183fa5edc5c9a5f3760b8979271e"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://github.com/warp-tech/warpgate/security/advisories/GHSA-868r-97g5-r9g4"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "[email protected]", "type": "Secondary"}]}