CWE-942
AllowedPermissive Cross-domain Security Policy with Untrusted Domains
Abstraction: Variant · Status: Incomplete
The product uses a web-client protection mechanism such as a Content Security Policy (CSP) or cross-domain policy file, but the policy includes untrusted domains with which the web client is allowed to communicate.
176 vulnerabilities reference this CWE, most recent first.
CVE-2025-2865 (GCVE-0-2025-2865)
Vulnerability from cvelistv5 – Published: 2025-03-28 13:24 – Updated: 2025-03-28 14:32- CWE-942 - Permissive Cross-domain Policy with Untrusted Domains
| Vendor | Product | Version | |
|---|---|---|---|
| Arteche | saTECH BCU |
Affected:
2.1.3
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2865",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-28T14:32:10.587216Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-28T14:32:18.569Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "saTECH BCU",
"vendor": "Arteche",
"versions": [
{
"status": "affected",
"version": "2.1.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Aar\u00f3n Flecha"
},
{
"lang": "en",
"type": "finder",
"value": "Gabriel V\u00eda Echezarreta"
}
],
"datePublic": "2025-03-27T11:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SaTECH BCU, in its firmware version 2.1.3, could allow XSS attacks and other malicious resources to be stored on the web server. An attacker with some knowledge of the web application could send a malicious request to the victim users. Through this request, the victims would interpret the code (resources) stored on another malicious website owned by the attacker."
}
],
"value": "SaTECH BCU, in its firmware version 2.1.3, could allow XSS attacks and other malicious resources to be stored on the web server. An attacker with some knowledge of the web application could send a malicious request to the victim users. Through this request, the victims would interpret the code (resources) stored on another malicious website owned by the attacker."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 2.4,
"baseSeverity": "LOW",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-942",
"description": "CWE-942: Permissive Cross-domain Policy with Untrusted Domains",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-28T13:24:47.015Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-arteches-satech-bcu"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The vulnerability has been fixed by Arteche in firmware version 2.2.1."
}
],
"value": "The vulnerability has been fixed by Arteche in firmware version 2.2.1."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Reflected Cross-Site Scripting (XSS) vulnerability in saTECH BCU",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2025-2865",
"datePublished": "2025-03-28T13:24:47.015Z",
"dateReserved": "2025-03-27T10:59:45.540Z",
"dateUpdated": "2025-03-28T14:32:18.569Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1083 (GCVE-0-2025-1083)
Vulnerability from cvelistv5 – Published: 2025-02-06 23:00 – Updated: 2025-02-12 19:41| URL | Tags |
|---|---|
| https://vuldb.com/?id.294859 | vdb-entry |
| https://vuldb.com/?ctiid.294859 | signaturepermissions-required |
| https://vuldb.com/?submit.489634 | third-party-advisory |
| https://github.com/cydtseng/Vulnerability-Researc… | exploit |
| Vendor | Product | Version | |
|---|---|---|---|
| Mindskip | xzs-mysql 学之思开源考试系统 |
Affected:
3.9.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1083",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T15:24:53.294187Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T19:41:08.327Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"CORS Handler"
],
"product": "xzs-mysql \u5b66\u4e4b\u601d\u5f00\u6e90\u8003\u8bd5\u7cfb\u7edf",
"vendor": "Mindskip",
"versions": [
{
"status": "affected",
"version": "3.9.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "vastzero (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in Mindskip xzs-mysql \u5b66\u4e4b\u601d\u5f00\u6e90\u8003\u8bd5\u7cfb\u7edf 3.9.0. Affected by this vulnerability is an unknown functionality of the component CORS Handler. The manipulation leads to permissive cross-domain policy with untrusted domains. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In Mindskip xzs-mysql \u5b66\u4e4b\u601d\u5f00\u6e90\u8003\u8bd5\u7cfb\u7edf 3.9.0 wurde eine problematische Schwachstelle entdeckt. Hierbei betrifft es unbekannten Programmcode der Komponente CORS Handler. Durch Manipulation mit unbekannten Daten kann eine permissive cross-domain policy with untrusted domains-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie gilt als schwierig ausnutzbar. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.6,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-942",
"description": "Permissive Cross-domain Policy with Untrusted Domains",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-346",
"description": "Origin Validation Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-06T23:00:11.019Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-294859 | Mindskip xzs-mysql \u5b66\u4e4b\u601d\u5f00\u6e90\u8003\u8bd5\u7cfb\u7edf CORS cross-domain policy",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.294859"
},
{
"name": "VDB-294859 | CTI Indicators (IOB, IOC)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.294859"
},
{
"name": "Submit #489634 | Mindskip xzs-mysql 3.9.0 CORS Misconfiguration",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.489634"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/cydtseng/Vulnerability-Research/blob/main/xzs-mysql/OverlyPermissiveCORS-Multiple.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-02-06T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-02-06T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-02-06T15:31:00.000Z",
"value": "VulDB entry last update"
}
],
"title": "Mindskip xzs-mysql \u5b66\u4e4b\u601d\u5f00\u6e90\u8003\u8bd5\u7cfb\u7edf CORS cross-domain policy"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-1083",
"datePublished": "2025-02-06T23:00:11.019Z",
"dateReserved": "2025-02-06T14:25:50.948Z",
"dateUpdated": "2025-02-12T19:41:08.327Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-53276 (GCVE-0-2024-53276)
Vulnerability from cvelistv5 – Published: 2024-12-23 17:13 – Updated: 2025-02-18 21:48- CWE-942 - Permissive Cross-domain Policy with Untrusted Domains
| URL | Tags |
|---|---|
| https://securitylab.github.com/advisories/GHSL-20… | x_refsource_CONFIRM |
| https://github.com/xemle/home-gallery/blob/v1.15.… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| xemle | home-gallery |
Affected:
<= 1.15.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-53276",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-24T01:36:56.732394Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T21:48:40.822Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "home-gallery",
"vendor": "xemle",
"versions": [
{
"status": "affected",
"version": "\u003c= 1.15.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Home-Gallery.org is a self-hosted open-source web gallery to browse personal photos and videos. In 1.15.0 and earlier, an open CORS policy in app.js may allow an attacker to view the images of home-gallery when it is using the default settings. The following express middleware allows any website to make a cross site request to home-gallery, thus allowing them to read any endpoint on home-gallery. Home-gallery is mostly safe from cross-site requests due to most of its pages requiring JavaScript, and cross-site requests such as fetch() do not render javascript. If an attacker is able to get the path of the preview images which are randomized, an attacker will be able to view such a photo. If any static files or endpoints are introduced in the future that contain sensitive information, they will be accessible to an attacker website."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-942",
"description": "CWE-942: Permissive Cross-domain Policy with Untrusted Domains",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-23T17:13:46.115Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2024-091_GHSL-2024-092_home-gallery/",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securitylab.github.com/advisories/GHSL-2024-091_GHSL-2024-092_home-gallery/"
},
{
"name": "https://github.com/xemle/home-gallery/blob/v1.15.0/packages/server/src/app.js#L45",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/xemle/home-gallery/blob/v1.15.0/packages/server/src/app.js#L45"
}
],
"source": {
"advisory": "GHSA-4fw4-72f4-fqgq",
"discovery": "UNKNOWN"
},
"title": "GHSL-2024-092: Open CORS policy in home-gallery"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-53276",
"datePublished": "2024-12-23T17:13:46.115Z",
"dateReserved": "2024-11-19T20:08:14.483Z",
"dateUpdated": "2025-02-18T21:48:40.822Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-49763 (GCVE-0-2024-49763)
Vulnerability from cvelistv5 – Published: 2024-12-02 16:41 – Updated: 2024-12-02 17:22- CWE-942 - Permissive Cross-domain Policy with Untrusted Domains
| URL | Tags |
|---|---|
| https://securitylab.github.com/advisories/GHSL-20… | x_refsource_CONFIRM |
| https://github.com/PlexRipper/PlexRipper/commit/1… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| PlexRipper | PlexRipper |
Affected:
< 0.24.0
|
|
| plexripper_project | plexripper |
Affected:
0 , < 0.24.0
(custom)
cpe:2.3:a:plexripper_project:plexripper:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:plexripper_project:plexripper:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "plexripper",
"vendor": "plexripper_project",
"versions": [
{
"lessThan": "0.24.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49763",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-02T17:21:00.347159Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-02T17:22:07.037Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "PlexRipper",
"vendor": "PlexRipper",
"versions": [
{
"status": "affected",
"version": "\u003c 0.24.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PlexRipper is a cross-platform media downloader for Plex. PlexRipper\u2019s open CORS policy allows attackers to gain sensitive information from PlexRipper by getting the user to access the attacker\u2019s domain. This allows an attacking website to access the /api/PlexAccount endpoint and steal the user\u2019s Plex login. This vulnerability is fixed in 0.24.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-942",
"description": "CWE-942: Permissive Cross-domain Policy with Untrusted Domains",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-02T16:41:26.846Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2024-305_PlexRipper/",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securitylab.github.com/advisories/GHSL-2024-305_PlexRipper/"
},
{
"name": "https://github.com/PlexRipper/PlexRipper/commit/184074644a1f5a8ac59519929a9c4b92280fb2a1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/PlexRipper/PlexRipper/commit/184074644a1f5a8ac59519929a9c4b92280fb2a1"
}
],
"source": {
"advisory": "GHSA-cqgv-chxc-9g3q",
"discovery": "UNKNOWN"
},
"title": "PlexRipper allows API leak due to open CORS policy"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-49763",
"datePublished": "2024-12-02T16:41:26.846Z",
"dateReserved": "2024-10-18T13:43:23.456Z",
"dateUpdated": "2024-12-02T17:22:07.037Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45642 (GCVE-0-2024-45642)
Vulnerability from cvelistv5 – Published: 2024-11-14 12:04 – Updated: 2024-11-14 14:04- CWE-942 - Overly Permissive Cross-domain Whitelist
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7172212 | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Security ReaQta |
Affected:
3.12
cpe:2.3:a:ibm:security_qradar_edr:3.12:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45642",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-14T14:04:42.818713Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T14:04:51.919Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:security_qradar_edr:3.12:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Security ReaQta",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "3.12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Security ReaQta 3.12 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"value": "IBM Security ReaQta 3.12 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-942",
"description": "CWE-942 Overly Permissive Cross-domain Whitelist",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T12:04:31.126Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7172212"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Security ReaQta information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-45642",
"datePublished": "2024-11-14T12:04:31.126Z",
"dateReserved": "2024-09-03T13:50:17.060Z",
"dateUpdated": "2024-11-14T14:04:51.919Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41659 (GCVE-0-2024-41659)
Vulnerability from cvelistv5 – Published: 2024-08-20 19:54 – Updated: 2025-01-09 19:15- CWE-942 - Permissive Cross-domain Policy with Untrusted Domains
| URL | Tags |
|---|---|
| https://securitylab.github.com/advisories/GHSL-20… | x_refsource_CONFIRM |
| https://github.com/usememos/memos/commit/8101a5e0… | x_refsource_MISC |
| https://github.com/usememos/memos/blob/v0.20.1/se… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:usememos:memos:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "memos",
"vendor": "usememos",
"versions": [
{
"lessThanOrEqual": "0.20.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41659",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-21T13:24:07.900591Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-09T19:15:30.589Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "memos",
"vendor": "usememos",
"versions": [
{
"status": "affected",
"version": "\u003c 0.21.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "memos is a privacy-first, lightweight note-taking service. A CORS misconfiguration exists in memos 0.20.1 and earlier where an arbitrary origin is reflected with Access-Control-Allow-Credentials set to true. This may allow an attacking website to make a cross-origin request, allowing the attacker to read private information or make privileged changes to the system as the vulnerable user account. This vulnerability is fixed in 0.21.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-942",
"description": "CWE-942: Permissive Cross-domain Policy with Untrusted Domains",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-22T15:27:22.743Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2024-034_memos/",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securitylab.github.com/advisories/GHSL-2024-034_memos/"
},
{
"name": "https://github.com/usememos/memos/commit/8101a5e0b162044c16385bee4f12a4a653d050b9",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/usememos/memos/commit/8101a5e0b162044c16385bee4f12a4a653d050b9"
},
{
"name": "https://github.com/usememos/memos/blob/v0.20.1/server/server.go#L163",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/usememos/memos/blob/v0.20.1/server/server.go#L163"
}
],
"source": {
"advisory": "GHSA-p4fx-qf2h-jpmj",
"discovery": "UNKNOWN"
},
"title": "GHSL-2024-034: memos CORS Misconfiguration in server.go"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-41659",
"datePublished": "2024-08-20T19:54:08.182Z",
"dateReserved": "2024-07-18T15:21:47.482Z",
"dateUpdated": "2025-01-09T19:15:30.589Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41657 (GCVE-0-2024-41657)
Vulnerability from cvelistv5 – Published: 2024-08-20 20:11 – Updated: 2024-08-20 20:54- CWE-942 - Permissive Cross-domain Policy with Untrusted Domains
| URL | Tags |
|---|---|
| https://securitylab.github.com/advisories/GHSL-20… | x_refsource_CONFIRM |
| https://github.com/casdoor/casdoor/blob/v1.577.0/… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:casbin:casdoor:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "casdoor",
"vendor": "casbin",
"versions": [
{
"lessThanOrEqual": "1.577.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41657",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-20T20:53:11.068829Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-20T20:54:45.045Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "casdoor",
"vendor": "casdoor",
"versions": [
{
"status": "affected",
"version": "\u003c= 1.577.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Casdoor is a UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform. In Casdoor 1.577.0 and earlier, a logic vulnerability exists in the beego filter CorsFilter that allows any website to make cross domain requests to Casdoor as the logged in user. Due to the a logic error in checking only for a prefix when authenticating the Origin header, any domain can create a valid subdomain with a valid subdomain prefix (Ex: localhost.example.com), allowing the website to make requests to Casdoor as the current signed-in user."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-942",
"description": "CWE-942: Permissive Cross-domain Policy with Untrusted Domains",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-20T20:11:29.788Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://securitylab.github.com/advisories/GHSL-2024-035_GHSL-2024-036_casdoor/",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://securitylab.github.com/advisories/GHSL-2024-035_GHSL-2024-036_casdoor/"
},
{
"name": "https://github.com/casdoor/casdoor/blob/v1.577.0/routers/cors_filter.go#L45",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/casdoor/casdoor/blob/v1.577.0/routers/cors_filter.go#L45"
}
],
"source": {
"advisory": "GHSA-mchx-7j67-8mcf",
"discovery": "UNKNOWN"
},
"title": "GHSL-2024-035: Casdoor CORS misconfiguration"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-41657",
"datePublished": "2024-08-20T20:11:29.788Z",
"dateReserved": "2024-07-18T15:21:47.482Z",
"dateUpdated": "2024-08-20T20:54:45.045Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-37131 (GCVE-0-2024-37131)
Vulnerability from cvelistv5 – Published: 2024-06-13 14:35 – Updated: 2024-08-02 03:50- CWE-942 - Permissive Cross-domain Policy with Untrusted Domains
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00022595… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Dell | Secure Connect Gateway (SCG) Policy Manager |
Affected:
5.18.20 , ≤ 5.22.00.18
(semver)
|
|
| dell | secure_connect_gateway_policy_manager |
Affected:
5.18.20 , ≤ 5.22.00.18
(semver)
cpe:2.3:a:dell:secure_connect_gateway_policy_manager:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:dell:secure_connect_gateway_policy_manager:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "secure_connect_gateway_policy_manager",
"vendor": "dell",
"versions": [
{
"lessThanOrEqual": "5.22.00.18",
"status": "affected",
"version": "5.18.20",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-37131",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-20T15:10:06.213990Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-20T15:18:01.330Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:50:54.539Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000225956/dsa-2024-254-security-update-for-dell-secure-connect-gateway-policy-manager-vulnerabilities"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Secure Connect Gateway (SCG) Policy Manager",
"vendor": "Dell",
"versions": [
{
"lessThanOrEqual": "5.22.00.18",
"status": "affected",
"version": "5.18.20",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-06-11T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SCG Policy Manager, all versions, contains an overly permissive Cross-Origin Resource Policy (CORP) vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of malicious actions on the application in the context of the authenticated user."
}
],
"value": "SCG Policy Manager, all versions, contains an overly permissive Cross-Origin Resource Policy (CORP) vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of malicious actions on the application in the context of the authenticated user."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-942",
"description": "CWE-942: Permissive Cross-domain Policy with Untrusted Domains",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-13T14:35:24.334Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000225956/dsa-2024-254-security-update-for-dell-secure-connect-gateway-policy-manager-vulnerabilities"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2024-37131",
"datePublished": "2024-06-13T14:35:24.334Z",
"dateReserved": "2024-06-03T12:08:48.716Z",
"dateUpdated": "2024-08-02T03:50:54.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-32862 (GCVE-0-2024-32862)
Vulnerability from cvelistv5 – Published: 2024-08-01 21:57 – Updated: 2024-08-02 14:58- CWE-942 - Permissive Cross-domain Policy with Untrusted Domains
| Vendor | Product | Version | |
|---|---|---|---|
| Johnson Controls | exacqVision |
Affected:
0 , ≤ 24.03
(custom)
|
|
| johnsoncontrols | exacqvision_web_service |
Affected:
0 , ≤ 24.03
(custom)
cpe:2.3:a:johnsoncontrols:exacqvision_web_service:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:johnsoncontrols:exacqvision_web_service:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "exacqvision_web_service",
"vendor": "johnsoncontrols",
"versions": [
{
"lessThanOrEqual": "24.03",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-32862",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-02T14:54:54.809433Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-02T14:58:44.835Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "exacqVision",
"vendor": "Johnson Controls",
"versions": [
{
"lessThanOrEqual": "24.03",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Diego Zaffaroni from Nozomi Networks"
}
],
"datePublic": "2024-08-01T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgba(9, 30, 66, 0.024);\"\u003e\n\n\u003cspan style=\"background-color: rgba(9, 30, 66, 0.06);\"\u003e\n\n\u003cp\u003e\n\n\u003cspan style=\"background-color: rgba(9, 30, 66, 0.055);\"\u003eUnder certain circumstances the ExacqVision Web Services does not provide sufficient protection from untrusted domains. \u003c/span\u003e\n\n\u003c/p\u003e\n\n\u003c/span\u003e\n\n \u003c/span\u003e"
}
],
"value": "Under certain circumstances the ExacqVision Web Services does not provide sufficient protection from untrusted domains."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-180: Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-942",
"description": "CWE-942 Permissive Cross-domain Policy with Untrusted Domains",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T21:57:13.093Z",
"orgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
"shortName": "jci"
},
"references": [
{
"url": "https://www.johnsoncontrols.com/trust-center/cybersecurity/security-advisories"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-02"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgba(9, 30, 66, 0.024);\"\u003eUpdate exacqVision Web Service to version 24.06\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Update exacqVision Web Service to version 24.06"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "exacqVision CORS",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7281d04a-a537-43df-bfb4-fa4110af9d01",
"assignerShortName": "jci",
"cveId": "CVE-2024-32862",
"datePublished": "2024-08-01T21:57:13.093Z",
"dateReserved": "2024-04-19T13:45:43.929Z",
"dateUpdated": "2024-08-02T14:58:44.835Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-25124 (GCVE-0-2024-25124)
Vulnerability from cvelistv5 – Published: 2024-02-21 21:01 – Updated: 2024-08-26 14:39| URL | Tags |
|---|---|
| https://github.com/gofiber/fiber/security/advisor… | x_refsource_CONFIRM |
| https://github.com/gofiber/fiber/commit/f0cd3b44b… | x_refsource_MISC |
| https://codeql.github.com/codeql-query-help/javas… | x_refsource_MISC |
| https://developer.mozilla.org/en-US/docs/Web/HTTP… | x_refsource_MISC |
| https://fetch.spec.whatwg.org/#cors-protocol-and-… | x_refsource_MISC |
| https://github.com/gofiber/fiber/releases/tag/v2.52.1 | x_refsource_MISC |
| https://saturncloud.io/blog/cors-cannot-use-wildc… | x_refsource_MISC |
| http://blog.portswigger.net/2016/10/exploiting-co… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:36:21.623Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/gofiber/fiber/security/advisories/GHSA-fmg4-x8pw-hjhg",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/gofiber/fiber/security/advisories/GHSA-fmg4-x8pw-hjhg"
},
{
"name": "https://github.com/gofiber/fiber/commit/f0cd3b44b086544a37886232d0530601f2406c23",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/gofiber/fiber/commit/f0cd3b44b086544a37886232d0530601f2406c23"
},
{
"name": "https://codeql.github.com/codeql-query-help/javascript/js-cors-misconfiguration-for-credentials",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://codeql.github.com/codeql-query-help/javascript/js-cors-misconfiguration-for-credentials"
},
{
"name": "https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSNotSupportingCredentials",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSNotSupportingCredentials"
},
{
"name": "https://fetch.spec.whatwg.org/#cors-protocol-and-credentials",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://fetch.spec.whatwg.org/#cors-protocol-and-credentials"
},
{
"name": "https://github.com/gofiber/fiber/releases/tag/v2.52.1",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/gofiber/fiber/releases/tag/v2.52.1"
},
{
"name": "https://saturncloud.io/blog/cors-cannot-use-wildcard-in-accesscontrolalloworigin-when-credentials-flag-is-true",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://saturncloud.io/blog/cors-cannot-use-wildcard-in-accesscontrolalloworigin-when-credentials-flag-is-true"
},
{
"name": "http://blog.portswigger.net/2016/10/exploiting-cors-misconfigurations-for.html",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.portswigger.net/2016/10/exploiting-cors-misconfigurations-for.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:gofiber:fiber:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fiber",
"vendor": "gofiber",
"versions": [
{
"lessThan": "2.52.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-25124",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-22T16:40:32.534976Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-26T14:39:19.825Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "fiber",
"vendor": "gofiber",
"versions": [
{
"status": "affected",
"version": "\u003c 2.52.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Fiber is a web framework written in go. Prior to version 2.52.1, the CORS middleware allows for insecure configurations that could potentially expose the application to multiple CORS-related vulnerabilities. Specifically, it allows setting the Access-Control-Allow-Origin header to a wildcard (`*`) while also having the Access-Control-Allow-Credentials set to true, which goes against recommended security best practices. The impact of this misconfiguration is high as it can lead to unauthorized access to sensitive user data and expose the system to various types of attacks listed in the PortSwigger article linked in the references. Version 2.52.1 contains a patch for this issue. As a workaround, users may manually validate the CORS configurations in their implementation to ensure that they do not allow a wildcard origin when credentials are enabled. The browser fetch api, as well as browsers and utilities that enforce CORS policies, are not affected by this."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-346",
"description": "CWE-346: Origin Validation Error",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-942",
"description": "CWE-942: Permissive Cross-domain Policy with Untrusted Domains",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-21T21:01:44.672Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/gofiber/fiber/security/advisories/GHSA-fmg4-x8pw-hjhg",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/gofiber/fiber/security/advisories/GHSA-fmg4-x8pw-hjhg"
},
{
"name": "https://github.com/gofiber/fiber/commit/f0cd3b44b086544a37886232d0530601f2406c23",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gofiber/fiber/commit/f0cd3b44b086544a37886232d0530601f2406c23"
},
{
"name": "https://codeql.github.com/codeql-query-help/javascript/js-cors-misconfiguration-for-credentials",
"tags": [
"x_refsource_MISC"
],
"url": "https://codeql.github.com/codeql-query-help/javascript/js-cors-misconfiguration-for-credentials"
},
{
"name": "https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSNotSupportingCredentials",
"tags": [
"x_refsource_MISC"
],
"url": "https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSNotSupportingCredentials"
},
{
"name": "https://fetch.spec.whatwg.org/#cors-protocol-and-credentials",
"tags": [
"x_refsource_MISC"
],
"url": "https://fetch.spec.whatwg.org/#cors-protocol-and-credentials"
},
{
"name": "https://github.com/gofiber/fiber/releases/tag/v2.52.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gofiber/fiber/releases/tag/v2.52.1"
},
{
"name": "https://saturncloud.io/blog/cors-cannot-use-wildcard-in-accesscontrolalloworigin-when-credentials-flag-is-true",
"tags": [
"x_refsource_MISC"
],
"url": "https://saturncloud.io/blog/cors-cannot-use-wildcard-in-accesscontrolalloworigin-when-credentials-flag-is-true"
},
{
"name": "http://blog.portswigger.net/2016/10/exploiting-cors-misconfigurations-for.html",
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.portswigger.net/2016/10/exploiting-cors-misconfigurations-for.html"
}
],
"source": {
"advisory": "GHSA-fmg4-x8pw-hjhg",
"discovery": "UNKNOWN"
},
"title": "Fiber has Insecure CORS Configuration, Allowing Wildcard Origin with Credentials"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-25124",
"datePublished": "2024-02-21T21:01:44.672Z",
"dateReserved": "2024-02-05T14:14:46.380Z",
"dateUpdated": "2024-08-26T14:39:19.825Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Strategy: Attack Surface Reduction
Define a restrictive Content Security Policy [REF-1486] or cross-domain policy file.
Mitigation
Strategy: Attack Surface Reduction
Avoid using wildcards in the CSP / cross-domain policy file. Any domain matching the wildcard expression will be implicitly trusted, and can perform two-way interaction with the target server.
Mitigation
Strategy: Environment Hardening
For Flash, modify crossdomain.xml to use meta-policy options such as 'master-only' or 'none' to reduce the possibility of an attacker planting extraneous cross-domain policy files on a server.
No CAPEC attack patterns related to this CWE.