CVE-2021-43846 - OpenCVE

`solidus_frontend` is the cart and storefront for the Solidus e-commerce project. Versions of `solidus_frontend` prior to 3.1.5, 3.0.5, and 2.11.14 contain a cross-site request forgery (CSRF) vulnerability that allows a malicious site to add an item to the user's cart without their knowledge. Versions 3.1.5, 3.0.5, and 2.11.14 contain a patch for this issue. The patch adds CSRF token verification to the "Add to cart" action. Adding forgery protection to a form that missed it can have some side effects. Other CSRF protection strategies as well as a workaround involving modifcation to config/application.rb` are available. More details on these mitigations are available in the GitHub Security Advisory.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Nebulab	Solidus

Configuration 1 [-]

OR	cpe:2.3:a:nebulab:solidus::::::::
	cpe:2.3:a:nebulab:solidus::::::::
	cpe:2.3:a:nebulab:solidus::::::::

No data.

References

Link	Providers
https://github.com/solidusio/solidus/commit/4d17cacf066d9492fc04eb3a0b16084b47376d81
https://github.com/solidusio/solidus/commit/a1b9bf7f24f9b8684fc4d943eacb02b1926c77c6
https://github.com/solidusio/solidus/security/advisories/GHSA-h3fg-h5v3-vf8m

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2021-12-20T21:30:11

Updated: 2024-08-04T04:10:16.776Z

Reserved: 2021-11-16T00:00:00

Link: CVE-2021-43846

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-12-20T22:15:07.947

Modified: 2021-12-29T18:26:19.657

Link: CVE-2021-43846

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "solidus", "vendor": "solidusio", "versions": [{"status": "affected", "version": ">= 3.1.0, < 3.1.5"}, {"status": "affected", "version": ">= 3.0.0, < 3.0.5"}, {"status": "affected", "version": "< 2.11.14"}]}], "descriptions": [{"lang": "en", "value": "`solidus_frontend` is the cart and storefront for the Solidus e-commerce project. Versions of `solidus_frontend` prior to 3.1.5, 3.0.5, and 2.11.14 contain a cross-site request forgery (CSRF) vulnerability that allows a malicious site to add an item to the user's cart without their knowledge. Versions 3.1.5, 3.0.5, and 2.11.14 contain a patch for this issue. The patch adds CSRF token verification to the \"Add to cart\" action. Adding forgery protection to a form that missed it can have some side effects. Other CSRF protection strategies as well as a workaround involving modifcation to config/application.rb` are available. More details on these mitigations are available in the GitHub Security Advisory."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-352", "description": "CWE-352: Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-12-20T21:30:11", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/solidusio/solidus/security/advisories/GHSA-h3fg-h5v3-vf8m"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/solidusio/solidus/commit/4d17cacf066d9492fc04eb3a0b16084b47376d81"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/solidusio/solidus/commit/a1b9bf7f24f9b8684fc4d943eacb02b1926c77c6"}], "source": {"advisory": "GHSA-h3fg-h5v3-vf8m", "discovery": "UNKNOWN"}, "title": "CSRF forgery protection bypass for Spree::OrdersController#populate", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-43846", "STATE": "PUBLIC", "TITLE": "CSRF forgery protection bypass for Spree::OrdersController#populate"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "solidus", "version": {"version_data": [{"version_value": ">= 3.1.0, < 3.1.5"}, {"version_value": ">= 3.0.0, < 3.0.5"}, {"version_value": "< 2.11.14"}]}}]}, "vendor_name": "solidusio"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "`solidus_frontend` is the cart and storefront for the Solidus e-commerce project. Versions of `solidus_frontend` prior to 3.1.5, 3.0.5, and 2.11.14 contain a cross-site request forgery (CSRF) vulnerability that allows a malicious site to add an item to the user's cart without their knowledge. Versions 3.1.5, 3.0.5, and 2.11.14 contain a patch for this issue. The patch adds CSRF token verification to the \"Add to cart\" action. Adding forgery protection to a form that missed it can have some side effects. Other CSRF protection strategies as well as a workaround involving modifcation to config/application.rb` are available. More details on these mitigations are available in the GitHub Security Advisory."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-352: Cross-Site Request Forgery (CSRF)"}]}]}, "references": {"reference_data": [{"name": "https://github.com/solidusio/solidus/security/advisories/GHSA-h3fg-h5v3-vf8m", "refsource": "CONFIRM", "url": "https://github.com/solidusio/solidus/security/advisories/GHSA-h3fg-h5v3-vf8m"}, {"name": "https://github.com/solidusio/solidus/commit/4d17cacf066d9492fc04eb3a0b16084b47376d81", "refsource": "MISC", "url": "https://github.com/solidusio/solidus/commit/4d17cacf066d9492fc04eb3a0b16084b47376d81"}, {"name": "https://github.com/solidusio/solidus/commit/a1b9bf7f24f9b8684fc4d943eacb02b1926c77c6", "refsource": "MISC", "url": "https://github.com/solidusio/solidus/commit/a1b9bf7f24f9b8684fc4d943eacb02b1926c77c6"}]}, "source": {"advisory": "GHSA-h3fg-h5v3-vf8m", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T04:10:16.776Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/solidusio/solidus/security/advisories/GHSA-h3fg-h5v3-vf8m"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/solidusio/solidus/commit/4d17cacf066d9492fc04eb3a0b16084b47376d81"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/solidusio/solidus/commit/a1b9bf7f24f9b8684fc4d943eacb02b1926c77c6"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-43846", "datePublished": "2021-12-20T21:30:11", "dateReserved": "2021-11-16T00:00:00", "dateUpdated": "2024-08-04T04:10:16.776Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nebulab:solidus:*:*:*:*:*:*:*:*", "matchCriteriaId": "BBFCB5C4-83E5-4AD7-8C52-92B863DD15B6", "versionEndExcluding": "2.11.14", "vulnerable": true}, {"criteria": "cpe:2.3:a:nebulab:solidus:*:*:*:*:*:*:*:*", "matchCriteriaId": "B58D450A-ADBF-4E0F-9C11-B11752ADE39E", "versionEndExcluding": "3.0.5", "versionStartIncluding": "3.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nebulab:solidus:*:*:*:*:*:*:*:*", "matchCriteriaId": "3A7D9C43-3C12-4B42-8DB2-FF18AD5BEF0E", "versionEndExcluding": "3.1.5", "versionStartIncluding": "3.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "`solidus_frontend` is the cart and storefront for the Solidus e-commerce project. Versions of `solidus_frontend` prior to 3.1.5, 3.0.5, and 2.11.14 contain a cross-site request forgery (CSRF) vulnerability that allows a malicious site to add an item to the user's cart without their knowledge. Versions 3.1.5, 3.0.5, and 2.11.14 contain a patch for this issue. The patch adds CSRF token verification to the \"Add to cart\" action. Adding forgery protection to a form that missed it can have some side effects. Other CSRF protection strategies as well as a workaround involving modifcation to config/application.rb` are available. More details on these mitigations are available in the GitHub Security Advisory."}, {"lang": "es", "value": "\"solidus_frontend\" es el carrito y el escaparate del proyecto de comercio electr\u00f3nico Solidus. Las versiones de \"solidus_frontend\" anteriores a 3.1.5, 3.0.5 y 2.11.14, contienen una vulnerabilidad de tipo cross-site request forgery (CSRF) que permite a un sitio malicioso a\u00f1adir un art\u00edculo al carrito del usuario sin su conocimiento. Las versiones 3.1.5, 3.0.5 y 2.11.14 contienen un parche para este problema. El parche a\u00f1ade la verificaci\u00f3n del token CSRF a la acci\u00f3n \"Add to cart\". A\u00f1adir protecci\u00f3n contra falsificaciones a un formulario que no la ten\u00eda puede tener algunos efectos secundarios. Est\u00e1n disponibles otras estrategias de protecci\u00f3n contra CSRF, as\u00ed como una soluci\u00f3n que implica la modificaci\u00f3n del archivo config/application.rb. M\u00e1s detalles sobre estas mitigaciones est\u00e1n disponibles en el aviso de seguridad de GitHub"}], "id": "CVE-2021-43846", "lastModified": "2021-12-29T18:26:19.657", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2021-12-20T22:15:07.947", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/solidusio/solidus/commit/4d17cacf066d9492fc04eb3a0b16084b47376d81"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/solidusio/solidus/commit/a1b9bf7f24f9b8684fc4d943eacb02b1926c77c6"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Mitigation", "Third Party Advisory"], "url": "https://github.com/solidusio/solidus/security/advisories/GHSA-h3fg-h5v3-vf8m"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "security-advisories@github.com", "type": "Primary"}]}