CVE-2020-15223 - OpenCVE

In ORY Fosite (the security first OAuth2 & OpenID Connect framework for Go) before version 0.34.0, the `TokenRevocationHandler` ignores errors coming from the storage. This can lead to unexpected 200 status codes indicating successful revocation while the token is still valid. Whether an attacker can use this for her advantage depends on the ability to trigger errors in the store. This is fixed in version 0.34.0

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:H/Au:N/C:P/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ory	Fosite

Configuration 1 [-]

cpe:2.3:a:ory:fosite:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/ory/fosite/commit/03dd55813f5521985f7dd64277b7ba0cf1441319
https://github.com/ory/fosite/security/advisories/GHSA-7mqr-2v3q-v2wm
https://tools.ietf.org/html/rfc7009#section-2.2.1

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2020-09-24T16:15:45

Updated: 2024-08-04T13:08:22.904Z

Reserved: 2020-06-25T00:00:00

Link: CVE-2020-15223

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-09-24T17:15:13.210

Modified: 2022-10-21T18:09:36.827

Link: CVE-2020-15223

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "fosite", "vendor": "ory", "versions": [{"status": "affected", "version": "< 0.34.0"}]}], "descriptions": [{"lang": "en", "value": "In ORY Fosite (the security first OAuth2 & OpenID Connect framework for Go) before version 0.34.0, the `TokenRevocationHandler` ignores errors coming from the storage. This can lead to unexpected 200 status codes indicating successful revocation while the token is still valid. Whether an attacker can use this for her advantage depends on the ability to trigger errors in the store. This is fixed in version 0.34.0"}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-755", "description": "CWE-755: Improper Handling of Exceptional Conditions", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-09-24T16:15:45", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/ory/fosite/security/advisories/GHSA-7mqr-2v3q-v2wm"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/ory/fosite/commit/03dd55813f5521985f7dd64277b7ba0cf1441319"}, {"tags": ["x_refsource_MISC"], "url": "https://tools.ietf.org/html/rfc7009#section-2.2.1"}], "source": {"advisory": "GHSA-7mqr-2v3q-v2wm", "discovery": "UNKNOWN"}, "title": "Ignored storage errors on token revokation in ORY Fosite", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-15223", "STATE": "PUBLIC", "TITLE": "Ignored storage errors on token revokation in ORY Fosite"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "fosite", "version": {"version_data": [{"version_value": "< 0.34.0"}]}}]}, "vendor_name": "ory"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In ORY Fosite (the security first OAuth2 & OpenID Connect framework for Go) before version 0.34.0, the `TokenRevocationHandler` ignores errors coming from the storage. This can lead to unexpected 200 status codes indicating successful revocation while the token is still valid. Whether an attacker can use this for her advantage depends on the ability to trigger errors in the store. This is fixed in version 0.34.0"}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-755: Improper Handling of Exceptional Conditions"}]}]}, "references": {"reference_data": [{"name": "https://github.com/ory/fosite/security/advisories/GHSA-7mqr-2v3q-v2wm", "refsource": "CONFIRM", "url": "https://github.com/ory/fosite/security/advisories/GHSA-7mqr-2v3q-v2wm"}, {"name": "https://github.com/ory/fosite/commit/03dd55813f5521985f7dd64277b7ba0cf1441319", "refsource": "MISC", "url": "https://github.com/ory/fosite/commit/03dd55813f5521985f7dd64277b7ba0cf1441319"}, {"name": "https://tools.ietf.org/html/rfc7009#section-2.2.1", "refsource": "MISC", "url": "https://tools.ietf.org/html/rfc7009#section-2.2.1"}]}, "source": {"advisory": "GHSA-7mqr-2v3q-v2wm", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T13:08:22.904Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/ory/fosite/security/advisories/GHSA-7mqr-2v3q-v2wm"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/ory/fosite/commit/03dd55813f5521985f7dd64277b7ba0cf1441319"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://tools.ietf.org/html/rfc7009#section-2.2.1"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2020-15223", "datePublished": "2020-09-24T16:15:45", "dateReserved": "2020-06-25T00:00:00", "dateUpdated": "2024-08-04T13:08:22.904Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ory:fosite:*:*:*:*:*:*:*:*", "matchCriteriaId": "80E07C30-E0A1-456A-B3E8-A0015EB05A66", "versionEndExcluding": "0.34.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In ORY Fosite (the security first OAuth2 & OpenID Connect framework for Go) before version 0.34.0, the `TokenRevocationHandler` ignores errors coming from the storage. This can lead to unexpected 200 status codes indicating successful revocation while the token is still valid. Whether an attacker can use this for her advantage depends on the ability to trigger errors in the store. This is fixed in version 0.34.0"}, {"lang": "es", "value": "En ORY Fosite (el primer framework de seguridad OAuth2 & OpenID Connect para Go) anterior a la versi\u00f3n 0.34.0, el \"TokenRevocationHandler\" ignora los errores provenientes del almacenamiento. Esto puede conllevar a 200 c\u00f3digos de estado no previstos que indican una revocaci\u00f3n exitosa mientras el token a\u00fan es v\u00e1lido. Si un atacante puede usar esto para su favor depende de la capacidad de desencadenar errores en la tienda. Esto se corrigi\u00f3 en la versi\u00f3n 0.34.0"}], "id": "CVE-2020-15223", "lastModified": "2022-10-21T18:09:36.827", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.8, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.8, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2020-09-24T17:15:13.210", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/ory/fosite/commit/03dd55813f5521985f7dd64277b7ba0cf1441319"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/ory/fosite/security/advisories/GHSA-7mqr-2v3q-v2wm"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://tools.ietf.org/html/rfc7009#section-2.2.1"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-754"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-755"}], "source": "security-advisories@github.com", "type": "Secondary"}]}