CVE-2020-4040 - OpenCVE

Bolt CMS before version 3.7.1 lacked CSRF protection in the preview generating endpoint. Previews are intended to be generated by the admins, developers, chief-editors, and editors, who are authorized to create content in the application. But due to lack of proper CSRF protection, unauthorized users could generate a preview. This has been fixed in Bolt 3.7.1

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Boltcms	Bolt

Configuration 1 [-]

cpe:2.3:a:boltcms:bolt:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://packetstormsecurity.com/files/158299/Bolt-CMS-3.7.0-XSS-CSRF-Shell-Upload.html
http://seclists.org/fulldisclosure/2020/Jul/4
https://github.com/bolt/bolt/commit/b42cbfcf3e3108c46a80581216ba03ef449e419f
https://github.com/bolt/bolt/pull/7853
https://github.com/bolt/bolt/security/advisories/GHSA-2q66-6cc3-6xm8

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2020-06-08T22:00:16

Updated: 2024-08-04T07:52:20.663Z

Reserved: 2019-12-30T00:00:00

Link: CVE-2020-4040

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-06-08T22:15:10.603

Modified: 2022-10-07T01:25:11.650

Link: CVE-2020-4040

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "bolt", "vendor": "bolt", "versions": [{"status": "affected", "version": "< 3.7.1"}]}], "descriptions": [{"lang": "en", "value": "Bolt CMS before version 3.7.1 lacked CSRF protection in the preview generating endpoint. Previews are intended to be generated by the admins, developers, chief-editors, and editors, who are authorized to create content in the application. But due to lack of proper CSRF protection, unauthorized users could generate a preview. This has been fixed in Bolt 3.7.1"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-352", "description": "CWE-352: Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-07-03T18:06:00", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/bolt/bolt/security/advisories/GHSA-2q66-6cc3-6xm8"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/bolt/bolt/pull/7853"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/bolt/bolt/commit/b42cbfcf3e3108c46a80581216ba03ef449e419f"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/158299/Bolt-CMS-3.7.0-XSS-CSRF-Shell-Upload.html"}, {"name": "20200703 Bolt CMS <= 3.7.0 Multiple Vulnerabilities - CSRF to RCE", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2020/Jul/4"}], "source": {"advisory": "GHSA-2q66-6cc3-6xm8", "discovery": "UNKNOWN"}, "title": "CSRF issue on preview pages in Bolt CMS", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-4040", "STATE": "PUBLIC", "TITLE": "CSRF issue on preview pages in Bolt CMS"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "bolt", "version": {"version_data": [{"version_value": "< 3.7.1"}]}}]}, "vendor_name": "bolt"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Bolt CMS before version 3.7.1 lacked CSRF protection in the preview generating endpoint. Previews are intended to be generated by the admins, developers, chief-editors, and editors, who are authorized to create content in the application. But due to lack of proper CSRF protection, unauthorized users could generate a preview. This has been fixed in Bolt 3.7.1"}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-352: Cross-Site Request Forgery (CSRF)"}]}]}, "references": {"reference_data": [{"name": "https://github.com/bolt/bolt/security/advisories/GHSA-2q66-6cc3-6xm8", "refsource": "CONFIRM", "url": "https://github.com/bolt/bolt/security/advisories/GHSA-2q66-6cc3-6xm8"}, {"name": "https://github.com/bolt/bolt/pull/7853", "refsource": "MISC", "url": "https://github.com/bolt/bolt/pull/7853"}, {"name": "https://github.com/bolt/bolt/commit/b42cbfcf3e3108c46a80581216ba03ef449e419f", "refsource": "MISC", "url": "https://github.com/bolt/bolt/commit/b42cbfcf3e3108c46a80581216ba03ef449e419f"}, {"name": "http://packetstormsecurity.com/files/158299/Bolt-CMS-3.7.0-XSS-CSRF-Shell-Upload.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/158299/Bolt-CMS-3.7.0-XSS-CSRF-Shell-Upload.html"}, {"name": "20200703 Bolt CMS <= 3.7.0 Multiple Vulnerabilities - CSRF to RCE", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2020/Jul/4"}]}, "source": {"advisory": "GHSA-2q66-6cc3-6xm8", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T07:52:20.663Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/bolt/bolt/security/advisories/GHSA-2q66-6cc3-6xm8"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/bolt/bolt/pull/7853"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/bolt/bolt/commit/b42cbfcf3e3108c46a80581216ba03ef449e419f"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/158299/Bolt-CMS-3.7.0-XSS-CSRF-Shell-Upload.html"}, {"name": "20200703 Bolt CMS <= 3.7.0 Multiple Vulnerabilities - CSRF to RCE", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2020/Jul/4"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2020-4040", "datePublished": "2020-06-08T22:00:16", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-08-04T07:52:20.663Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:boltcms:bolt:*:*:*:*:*:*:*:*", "matchCriteriaId": "00F61767-4ADE-48D3-B45B-7F500002E79D", "versionEndExcluding": "3.7.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Bolt CMS before version 3.7.1 lacked CSRF protection in the preview generating endpoint. Previews are intended to be generated by the admins, developers, chief-editors, and editors, who are authorized to create content in the application. But due to lack of proper CSRF protection, unauthorized users could generate a preview. This has been fixed in Bolt 3.7.1"}, {"lang": "es", "value": "Bolt CMS versi\u00f3n anterior a 3.7.1, carec\u00eda de protecci\u00f3n de CSRF en el endpoint de generaci\u00f3n de vista previa. Las vistas previas est\u00e1n destinadas a ser generadas por los administradores, desarrolladores, jefes de redacci\u00f3n y editores, que est\u00e1n autorizados para crear contenido en la aplicaci\u00f3n. Pero debido a la falta de una protecci\u00f3n de CSRF apropiada, los usuarios no autorizados podr\u00edan generar una vista previa. Esto se ha corregido en Bolt versi\u00f3n 3.7.1"}], "id": "CVE-2020-4040", "lastModified": "2022-10-07T01:25:11.650", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.0, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2020-06-08T22:15:10.603", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/158299/Bolt-CMS-3.7.0-XSS-CSRF-Shell-Upload.html"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2020/Jul/4"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/bolt/bolt/commit/b42cbfcf3e3108c46a80581216ba03ef449e419f"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/bolt/bolt/pull/7853"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/bolt/bolt/security/advisories/GHSA-2q66-6cc3-6xm8"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "security-advisories@github.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Secondary"}]}