CVE-2014-10067 - OpenCVE

paypal-ipn before 3.0.0 uses the `test_ipn` parameter (which is set by the PayPal IPN simulator) to determine if it should use the production PayPal site or the sandbox. With a bit of time, an attacker could craft a request using the simulator that would fool any application which does not explicitly check for test_ipn in production.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Paypal-ipn Project	Paypal-ipn

Configuration 1 [-]

cpe:2.3:a:paypal-ipn_project:paypal-ipn:*:*:*:*:*:node.js:*:*

No data.

References

Link	Providers
https://github.com/andzdroid/paypal-ipn/issues/11
https://nodesecurity.io/advisories/26

History

No history.

MITRE

Status: PUBLISHED

Assigner: hackerone

Published: 2018-05-29T20:00:00Z

Updated: 2024-09-17T00:11:12.478Z

Reserved: 2017-10-29T00:00:00

Link: CVE-2014-10067

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2018-05-29T20:29:00.220

Modified: 2018-07-09T14:27:20.073

Link: CVE-2014-10067

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "paypal-ipn node module", "vendor": "HackerOne", "versions": [{"status": "affected", "version": "<3.0.0"}]}], "datePublic": "2018-04-26T00:00:00", "descriptions": [{"lang": "en", "value": "paypal-ipn before 3.0.0 uses the `test_ipn` parameter (which is set by the PayPal IPN simulator) to determine if it should use the production PayPal site or the sandbox. With a bit of time, an attacker could craft a request using the simulator that would fool any application which does not explicitly check for test_ipn in production."}], "problemTypes": [{"descriptions": [{"description": "Improper Authentication", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-05-29T19:57:02", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/andzdroid/paypal-ipn/issues/11"}, {"tags": ["x_refsource_MISC"], "url": "https://nodesecurity.io/advisories/26"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "support@hackerone.com", "DATE_PUBLIC": "2018-04-26T00:00:00", "ID": "CVE-2014-10067", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "paypal-ipn node module", "version": {"version_data": [{"version_value": "<3.0.0"}]}}]}, "vendor_name": "HackerOne"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "paypal-ipn before 3.0.0 uses the `test_ipn` parameter (which is set by the PayPal IPN simulator) to determine if it should use the production PayPal site or the sandbox. With a bit of time, an attacker could craft a request using the simulator that would fool any application which does not explicitly check for test_ipn in production."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Improper Authentication"}]}]}, "references": {"reference_data": [{"name": "https://github.com/andzdroid/paypal-ipn/issues/11", "refsource": "MISC", "url": "https://github.com/andzdroid/paypal-ipn/issues/11"}, {"name": "https://nodesecurity.io/advisories/26", "refsource": "MISC", "url": "https://nodesecurity.io/advisories/26"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T14:02:38.126Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/andzdroid/paypal-ipn/issues/11"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://nodesecurity.io/advisories/26"}]}]}, "cveMetadata": {"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2014-10067", "datePublished": "2018-05-29T20:00:00Z", "dateReserved": "2017-10-29T00:00:00", "dateUpdated": "2024-09-17T00:11:12.478Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:paypal-ipn_project:paypal-ipn:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "7A017D53-AD44-4031-94EA-9BD990B96739", "versionEndExcluding": "3.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "paypal-ipn before 3.0.0 uses the `test_ipn` parameter (which is set by the PayPal IPN simulator) to determine if it should use the production PayPal site or the sandbox. With a bit of time, an attacker could craft a request using the simulator that would fool any application which does not explicitly check for test_ipn in production."}, {"lang": "es", "value": "paypal-ipn en versiones anteriores a la 3.0.0 emplea el par\u00e1metro \"test_ipn\" (que se establece por medio del simulador PayPal IPN) para determinar si deber\u00eda usar el sitio de PayPal en producci\u00f3n o el sandbox. Con un poco de tiempo, un atacante podr\u00eda manipuflar una petici\u00f3n empleando el simulador que enga\u00f1ar\u00eda a cualquier aplicaci\u00f3n que no comprueba test_ipn expl\u00edcitamente en producci\u00f3n."}], "id": "CVE-2014-10067", "lastModified": "2018-07-09T14:27:20.073", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-05-29T20:29:00.220", "references": [{"source": "support@hackerone.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/andzdroid/paypal-ipn/issues/11"}, {"source": "support@hackerone.com", "tags": ["Third Party Advisory"], "url": "https://nodesecurity.io/advisories/26"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}