CVE-2023-38335 - Vulnerability Details - OpenCVE

ReportizFlow

Omnis Studio 10.22.00 has incorrect access control. It advertises a feature for making Omnis libraries "always private" - this is supposed to be an irreversible operation. However, due to implementation issues, "always private" Omnis libraries can be opened by the Omnis Studio browser by bypassing specific checks. This violates the expected behavior of an "irreversible operation".

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable yes

Technical Impact partial

Vendors	Products
Omnis	Studio

Configuration 1 [-]

cpe:2.3:a:omnis:studio:10.22.00:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://packetstormsecurity.com/files/173695/Omnis-Studio-10.22.00-Library-Setting-Bypass.html
http://seclists.org/fulldisclosure/2023/Jul/41
http://seclists.org/fulldisclosure/2023/Jul/43
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-005.txt

History

Thu, 24 Oct 2024 21:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-276
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-07-20T00:00:00

Updated: 2024-10-24T20:28:58.255Z

Reserved: 2023-07-14T00:00:00

Link: CVE-2023-38335

Vulnrichment

Updated: 2024-08-02T17:39:12.753Z

NVD

Status : Modified

Published: 2023-07-20T18:15:12.227

Modified: 2024-11-21T08:13:21.500

Link: CVE-2023-38335

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-38335", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-10-24T20:28:58.255Z", "dateReserved": "2023-07-14T00:00:00", "datePublished": "2023-07-20T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-07-26T00:00:00"}, "descriptions": [{"lang": "en", "value": "Omnis Studio 10.22.00 has incorrect access control. It advertises a feature for making Omnis libraries \"always private\" - this is supposed to be an irreversible operation. However, due to implementation issues, \"always private\" Omnis libraries can be opened by the Omnis Studio browser by bypassing specific checks. This violates the expected behavior of an \"irreversible operation\"."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-005.txt"}, {"name": "20230721 [SYSS-2023-005]: Omnis Studio - Expected Behavior Violation (CWE-440) (CVE-2023-38335)", "tags": ["mailing-list"], "url": "http://seclists.org/fulldisclosure/2023/Jul/41"}, {"url": "http://packetstormsecurity.com/files/173695/Omnis-Studio-10.22.00-Library-Setting-Bypass.html"}, {"name": "20230724 APPLE-SA-2023-07-24-1 Safari 16.6", "tags": ["mailing-list"], "url": "http://seclists.org/fulldisclosure/2023/Jul/43"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:39:12.753Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-005.txt", "tags": ["x_transferred"]}, {"name": "20230721 [SYSS-2023-005]: Omnis Studio - Expected Behavior Violation (CWE-440) (CVE-2023-38335)", "tags": ["mailing-list", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2023/Jul/41"}, {"url": "http://packetstormsecurity.com/files/173695/Omnis-Studio-10.22.00-Library-Setting-Bypass.html", "tags": ["x_transferred"]}, {"name": "20230724 APPLE-SA-2023-07-24-1 Safari 16.6", "tags": ["mailing-list", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2023/Jul/43"}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-276", "lang": "en", "description": "CWE-276 Incorrect Default Permissions"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-24T20:25:18.168515Z", "id": "CVE-2023-38335", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-24T20:28:58.255Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-38335", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-10-24T20:28:58.255Z", "dateReserved": "2023-07-14T00:00:00", "datePublished": "2023-07-20T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-07-26T00:00:00"}, "descriptions": [{"lang": "en", "value": "Omnis Studio 10.22.00 has incorrect access control. It advertises a feature for making Omnis libraries \"always private\" - this is supposed to be an irreversible operation. However, due to implementation issues, \"always private\" Omnis libraries can be opened by the Omnis Studio browser by bypassing specific checks. This violates the expected behavior of an \"irreversible operation\"."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-005.txt"}, {"name": "20230721 [SYSS-2023-005]: Omnis Studio - Expected Behavior Violation (CWE-440) (CVE-2023-38335)", "tags": ["mailing-list"], "url": "http://seclists.org/fulldisclosure/2023/Jul/41"}, {"url": "http://packetstormsecurity.com/files/173695/Omnis-Studio-10.22.00-Library-Setting-Bypass.html"}, {"name": "20230724 APPLE-SA-2023-07-24-1 Safari 16.6", "tags": ["mailing-list"], "url": "http://seclists.org/fulldisclosure/2023/Jul/43"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:39:12.753Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-005.txt", "tags": ["x_transferred"]}, {"name": "20230721 [SYSS-2023-005]: Omnis Studio - Expected Behavior Violation (CWE-440) (CVE-2023-38335)", "tags": ["mailing-list", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2023/Jul/41"}, {"url": "http://packetstormsecurity.com/files/173695/Omnis-Studio-10.22.00-Library-Setting-Bypass.html", "tags": ["x_transferred"]}, {"name": "20230724 APPLE-SA-2023-07-24-1 Safari 16.6", "tags": ["mailing-list", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2023/Jul/43"}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-38335", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-24T20:25:18.168515Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-276", "description": "CWE-276 Incorrect Default Permissions"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-24T20:25:23.381Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:omnis:studio:10.22.00:*:*:*:*:*:*:*", "matchCriteriaId": "3F011FFF-439D-435F-BFAC-DDC84CAFFA20", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Omnis Studio 10.22.00 has incorrect access control. It advertises a feature for making Omnis libraries \"always private\" - this is supposed to be an irreversible operation. However, due to implementation issues, \"always private\" Omnis libraries can be opened by the Omnis Studio browser by bypassing specific checks. This violates the expected behavior of an \"irreversible operation\"."}], "id": "CVE-2023-38335", "lastModified": "2024-11-21T08:13:21.500", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "[email protected]", "type": "Primary"}]}, "published": "2023-07-20T18:15:12.227", "references": [{"source": "[email protected]", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/173695/Omnis-Studio-10.22.00-Library-Setting-Bypass.html"}, {"source": "[email protected]", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2023/Jul/41"}, {"source": "[email protected]", "tags": ["Not Applicable"], "url": "http://seclists.org/fulldisclosure/2023/Jul/43"}, {"source": "[email protected]", "tags": ["Third Party Advisory"], "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-005.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/173695/Omnis-Studio-10.22.00-Library-Setting-Bypass.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2023/Jul/41"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "http://seclists.org/fulldisclosure/2023/Jul/43"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-005.txt"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "[email protected]", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-276"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}