{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-52598", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-11-14T15:05:46.770Z", "datePublished": "2024-11-20T14:09:45.400Z", "dateUpdated": "2024-11-20T14:28:57.571Z"}, "containers": {"cna": {"title": "2FAuth vulnerable to Server Side Request Forgery + URI validation bypass in 2fauth /api/v1/twofaccounts/preview", "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-80", "lang": "en", "description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-918", "lang": "en", "description": "CWE-918: Server-Side Request Forgery (SSRF)", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/Bubka/2FAuth/security/advisories/GHSA-xwxc-w7v3-2p4j", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/Bubka/2FAuth/security/advisories/GHSA-xwxc-w7v3-2p4j"}], "affected": [{"vendor": "Bubka", "product": "2FAuth", "versions": [{"version": "< 5.4.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-11-20T14:09:45.400Z"}, "descriptions": [{"lang": "en", "value": "2FAuth is a web app to manage Two-Factor Authentication (2FA) accounts and generate their security codes. Two interconnected vulnerabilities exist in version 5.4.1 a SSRF and URI validation bypass issue. The endpoint at POST /api/v1/twofaccounts/preview allows setting a remote URI to retrieve the image of a 2fa site. By abusing this functionality, it is possible to force the application to make a GET request to an arbitrary URL, whose content will be stored in an image file in the server if it looks like an image. Additionally, the library does some basic validation on the URI, attempting to filter our URIs which do not have an image extension. However, this can be easily bypassed by appending the string `#.svg` to the URI. The combination of these two issues allows an attacker to retrieve URIs accessible from the application, as long as their content type is text based. If not, the request is still sent, but the response is not reflected to the attacker. Version 5.4.1 fixes the issues."}], "source": {"advisory": "GHSA-xwxc-w7v3-2p4j", "discovery": "UNKNOWN"}}, "adp": [{"affected": [{"vendor": "bubka", "product": "2fauth", "cpes": ["cpe:2.3:a:bubka:2fauth:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "5.4.1", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-20T14:26:59.708585Z", "id": "CVE-2024-52598", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-20T14:28:57.571Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-52598", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-11-20T14:26:59.708585Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:bubka:2fauth:*:*:*:*:*:*:*:*"], "vendor": "bubka", "product": "2fauth", "versions": [{"status": "affected", "version": "0", "lessThan": "5.4.1", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-20T14:28:51.278Z"}}], "cna": {"title": "2FAuth vulnerable to Server Side Request Forgery + URI validation bypass in 2fauth /api/v1/twofaccounts/preview", "source": {"advisory": "GHSA-xwxc-w7v3-2p4j", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Bubka", "product": "2FAuth", "versions": [{"status": "affected", "version": "< 5.4.1"}]}], "references": [{"url": "https://github.com/Bubka/2FAuth/security/advisories/GHSA-xwxc-w7v3-2p4j", "name": "https://github.com/Bubka/2FAuth/security/advisories/GHSA-xwxc-w7v3-2p4j", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "2FAuth is a web app to manage Two-Factor Authentication (2FA) accounts and generate their security codes. Two interconnected vulnerabilities exist in version 5.4.1 a SSRF and URI validation bypass issue. The endpoint at POST /api/v1/twofaccounts/preview allows setting a remote URI to retrieve the image of a 2fa site. By abusing this functionality, it is possible to force the application to make a GET request to an arbitrary URL, whose content will be stored in an image file in the server if it looks like an image. Additionally, the library does some basic validation on the URI, attempting to filter our URIs which do not have an image extension. However, this can be easily bypassed by appending the string `#.svg` to the URI. The combination of these two issues allows an attacker to retrieve URIs accessible from the application, as long as their content type is text based. If not, the request is still sent, but the response is not reflected to the attacker. Version 5.4.1 fixes the issues."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-80", "description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "CWE-918: Server-Side Request Forgery (SSRF)"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-11-20T14:09:45.400Z"}}}, "cveMetadata": {"cveId": "CVE-2024-52598", "state": "PUBLISHED", "dateUpdated": "2024-11-20T14:28:57.571Z", "dateReserved": "2024-11-14T15:05:46.770Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-11-20T14:09:45.400Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "2FAuth is a web app to manage Two-Factor Authentication (2FA) accounts and generate their security codes. Two interconnected vulnerabilities exist in version 5.4.1 a SSRF and URI validation bypass issue. The endpoint at POST /api/v1/twofaccounts/preview allows setting a remote URI to retrieve the image of a 2fa site. By abusing this functionality, it is possible to force the application to make a GET request to an arbitrary URL, whose content will be stored in an image file in the server if it looks like an image. Additionally, the library does some basic validation on the URI, attempting to filter our URIs which do not have an image extension. However, this can be easily bypassed by appending the string `#.svg` to the URI. The combination of these two issues allows an attacker to retrieve URIs accessible from the application, as long as their content type is text based. If not, the request is still sent, but the response is not reflected to the attacker. Version 5.4.1 fixes the issues."}, {"lang": "es", "value": "2FAuth es una aplicaci\u00f3n web para administrar cuentas de autenticaci\u00f3n de dos factores (2FA) y generar sus c\u00f3digos de seguridad. Existen dos vulnerabilidades interconectadas en la versi\u00f3n 5.4.1: un problema de omisi\u00f3n de validaci\u00f3n de SSRF y URI. El endpoint en POST /api/v1/twofaccounts/preview permite configurar una URI remota para recuperar la imagen de un sitio 2fa. Al abusar de esta funcionalidad, es posible forzar a la aplicaci\u00f3n a realizar una solicitud GET a una URL arbitraria, cuyo contenido se almacenar\u00e1 en un archivo de imagen en el servidor si parece una imagen. Adem\u00e1s, la biblioteca realiza una validaci\u00f3n b\u00e1sica en la URI, intentando filtrar nuestras URI que no tienen una extensi\u00f3n de imagen. Sin embargo, esto se puede omitir f\u00e1cilmente agregando la cadena `#.svg` a la URI. La combinaci\u00f3n de estos dos problemas permite a un atacante recuperar URI accesibles desde la aplicaci\u00f3n, siempre que su tipo de contenido est\u00e9 basado en texto. Si no, la solicitud se env\u00eda de todos modos, pero la respuesta no se refleja al atacante. La versi\u00f3n 5.4.1 corrige los problemas."}], "id": "CVE-2024-52598", "lastModified": "2024-11-21T13:57:24.187", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "[email protected]", "type": "Secondary"}]}, "published": "2024-11-20T15:15:11.667", "references": [{"source": "[email protected]", "url": "https://github.com/Bubka/2FAuth/security/advisories/GHSA-xwxc-w7v3-2p4j"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}, {"lang": "en", "value": "CWE-80"}, {"lang": "en", "value": "CWE-918"}], "source": "[email protected]", "type": "Secondary"}]}

{}