CVE-2020-10793 - OpenCVE

CodeIgniter through 4.0.0 allows remote attackers to gain privileges via a modified Email ID to the "Select Role of the User" page. NOTE: A contributor to the CodeIgniter framework argues that the issue should not be attributed to CodeIgniter. Furthermore, the blog post reference shows an unknown website built with the CodeIgniter framework but that CodeIgniter is not responsible for introducing this issue because the framework has never provided a login screen, nor any kind of login or user management facilities beyond a Session library. Also, another reporter indicates the issue is with a custom module/plugin to CodeIgniter, not CodeIgniter itself.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Codeigniter	Codeigniter

Configuration 1 [-]

cpe:2.3:a:codeigniter:codeigniter:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://codeigniter4.github.io/userguide/extending/authentication.html
https://medium.com/%40vbharad/account-takeover-via-modifying-email-id-codeigniter-framework-ca30741ad297

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-03-23T14:12:20

Updated: 2024-08-04T11:14:15.590Z

Reserved: 2020-03-20T00:00:00

Link: CVE-2020-10793

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-03-23T15:15:14.720

Modified: 2023-11-07T03:14:24.257

Link: CVE-2020-10793

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2020-03-21T00:00:00", "descriptions": [{"lang": "en", "value": "CodeIgniter through 4.0.0 allows remote attackers to gain privileges via a modified Email ID to the \"Select Role of the User\" page. NOTE: A contributor to the CodeIgniter framework argues that the issue should not be attributed to CodeIgniter. Furthermore, the blog post reference shows an unknown website built with the CodeIgniter framework but that CodeIgniter is not responsible for introducing this issue because the framework has never provided a login screen, nor any kind of login or user management facilities beyond a Session library. Also, another reporter indicates the issue is with a custom module/plugin to CodeIgniter, not CodeIgniter itself."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-01-20T20:09:57", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://medium.com/%40vbharad/account-takeover-via-modifying-email-id-codeigniter-framework-ca30741ad297"}, {"tags": ["x_refsource_MISC"], "url": "https://codeigniter4.github.io/userguide/extending/authentication.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-10793", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "CodeIgniter through 4.0.0 allows remote attackers to gain privileges via a modified Email ID to the \"Select Role of the User\" page. NOTE: A contributor to the CodeIgniter framework argues that the issue should not be attributed to CodeIgniter. Furthermore, the blog post reference shows an unknown website built with the CodeIgniter framework but that CodeIgniter is not responsible for introducing this issue because the framework has never provided a login screen, nor any kind of login or user management facilities beyond a Session library. Also, another reporter indicates the issue is with a custom module/plugin to CodeIgniter, not CodeIgniter itself."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://medium.com/@vbharad/account-takeover-via-modifying-email-id-codeigniter-framework-ca30741ad297", "refsource": "MISC", "url": "https://medium.com/@vbharad/account-takeover-via-modifying-email-id-codeigniter-framework-ca30741ad297"}, {"name": "https://codeigniter4.github.io/userguide/extending/authentication.html", "refsource": "MISC", "url": "https://codeigniter4.github.io/userguide/extending/authentication.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T11:14:15.590Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://medium.com/%40vbharad/account-takeover-via-modifying-email-id-codeigniter-framework-ca30741ad297"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://codeigniter4.github.io/userguide/extending/authentication.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-10793", "datePublished": "2020-03-23T14:12:20", "dateReserved": "2020-03-20T00:00:00", "dateUpdated": "2024-08-04T11:14:15.590Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:codeigniter:codeigniter:*:*:*:*:*:*:*:*", "matchCriteriaId": "F4B558D8-2991-4D71-8E3E-A5166E4B4F78", "versionEndIncluding": "4.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "CodeIgniter through 4.0.0 allows remote attackers to gain privileges via a modified Email ID to the \"Select Role of the User\" page. NOTE: A contributor to the CodeIgniter framework argues that the issue should not be attributed to CodeIgniter. Furthermore, the blog post reference shows an unknown website built with the CodeIgniter framework but that CodeIgniter is not responsible for introducing this issue because the framework has never provided a login screen, nor any kind of login or user management facilities beyond a Session library. Also, another reporter indicates the issue is with a custom module/plugin to CodeIgniter, not CodeIgniter itself."}, {"lang": "es", "value": "CodeIgniter hasta la versi\u00f3n 4.0.0 permite a los atacantes remotos obtener privilegios a trav\u00e9s de un ID de correo electr\u00f3nico modificado a la p\u00e1gina \"Seleccionar el rol del usuario\". NOTA: Un colaborador del framework CodeIgniter argumenta que el problema no debe ser atribuido a CodeIgniter. Adem\u00e1s, la referencia de la publicaci\u00f3n del blog muestra un sitio web desconocido construido con el framework CodeIgniter, pero que CodeIgniter no es responsable de la introducci\u00f3n de este problema porque el framework nunca ha proporcionado una pantalla de inicio de sesi\u00f3n, ni ning\u00fan tipo de inicio de sesi\u00f3n o facilidades de gesti\u00f3n de usuarios m\u00e1s all\u00e1 de una biblioteca de sesiones. Adem\u00e1s, otro reportero indica que el problema es con un m\u00f3dulo/plugin personalizado para CodeIgniter, no con el propio CodeIgniter"}], "id": "CVE-2020-10793", "lastModified": "2023-11-07T03:14:24.257", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-03-23T15:15:14.720", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://codeigniter4.github.io/userguide/extending/authentication.html"}, {"source": "cve@mitre.org", "url": "https://medium.com/%40vbharad/account-takeover-via-modifying-email-id-codeigniter-framework-ca30741ad297"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "nvd@nist.gov", "type": "Primary"}]}