{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Selenium Selenium Grid (formerly Selenium Standalone Server) Fixed in 4.0.0-alpha-7 is affected by: DNS rebinding. The impact is: execute arbitrary code (remote). The component is: WebDriver endpoint of Selenium Grid / Selenium Standalone Server. The attack vector is: Triggered by browsing to to a malicious remote web server. The WebDriver endpoint of Selenium Server (Grid) is vulnerable to DNS rebinding. This can be used to execute arbitrary code on the machine."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-04-16T11:06:08", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.openwall.com/lists/oss-security/2022/02/07/3"}, {"tags": ["x_refsource_MISC"], "url": "https://www.gabriel.urdhr.fr/2022/02/07/selenium-standalone-server-csrf-dns-rebinding-rce/"}, {"name": "[oss-security] 20220416 Re: Browser-mediated attacks on WebDriver servers", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2022/04/16/1"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-28109", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Selenium Selenium Grid (formerly Selenium Standalone Server) Fixed in 4.0.0-alpha-7 is affected by: DNS rebinding. The impact is: execute arbitrary code (remote). The component is: WebDriver endpoint of Selenium Grid / Selenium Standalone Server. The attack vector is: Triggered by browsing to to a malicious remote web server. The WebDriver endpoint of Selenium Server (Grid) is vulnerable to DNS rebinding. This can be used to execute arbitrary code on the machine."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.openwall.com/lists/oss-security/2022/02/07/3", "refsource": "MISC", "url": "https://www.openwall.com/lists/oss-security/2022/02/07/3"}, {"name": "https://www.gabriel.urdhr.fr/2022/02/07/selenium-standalone-server-csrf-dns-rebinding-rce/", "refsource": "MISC", "url": "https://www.gabriel.urdhr.fr/2022/02/07/selenium-standalone-server-csrf-dns-rebinding-rce/"}, {"name": "[oss-security] 20220416 Re: Browser-mediated attacks on WebDriver servers", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2022/04/16/1"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T05:48:37.671Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.openwall.com/lists/oss-security/2022/02/07/3"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.gabriel.urdhr.fr/2022/02/07/selenium-standalone-server-csrf-dns-rebinding-rce/"}, {"name": "[oss-security] 20220416 Re: Browser-mediated attacks on WebDriver servers", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2022/04/16/1"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-28109", "datePublished": "2022-04-15T15:50:26", "dateReserved": "2022-03-28T00:00:00", "dateUpdated": "2024-08-03T05:48:37.671Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:selenium:selenium_grid:*:*:*:*:*:*:*:*", "matchCriteriaId": "1F051B81-A7AE-4D94-B701-9FC7F006AEEC", "versionEndExcluding": "4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:selenium:selenium_grid:4.0.0:-:*:*:*:*:*:*", "matchCriteriaId": "324578B9-CAD2-4F95-91F2-76EDB5FD0A85", "vulnerable": true}, {"criteria": "cpe:2.3:a:selenium:selenium_grid:4.0.0:alpha1:*:*:*:*:*:*", "matchCriteriaId": "51D35036-15ED-43D1-918D-E38FCAB10D52", "vulnerable": true}, {"criteria": "cpe:2.3:a:selenium:selenium_grid:4.0.0:alpha2:*:*:*:*:*:*", "matchCriteriaId": "731C8648-E3E2-4D44-A828-46B628D10A2B", "vulnerable": true}, {"criteria": "cpe:2.3:a:selenium:selenium_grid:4.0.0:alpha3:*:*:*:*:*:*", "matchCriteriaId": "6D76FAFC-B115-41AE-98AE-1128F5B6F492", "vulnerable": true}, {"criteria": "cpe:2.3:a:selenium:selenium_grid:4.0.0:alpha4:*:*:*:*:*:*", "matchCriteriaId": "7CD5D613-B4DF-4F6C-9593-70BF0DE2E06A", "vulnerable": true}, {"criteria": "cpe:2.3:a:selenium:selenium_grid:4.0.0:alpha5:*:*:*:*:*:*", "matchCriteriaId": "E336A584-478F-4164-8F4C-6BC0FE32FB52", "vulnerable": true}, {"criteria": "cpe:2.3:a:selenium:selenium_grid:4.0.0:alpha6:*:*:*:*:*:*", "matchCriteriaId": "DDE08E93-5199-4EA9-BD47-9B188994C542", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Selenium Selenium Grid (formerly Selenium Standalone Server) Fixed in 4.0.0-alpha-7 is affected by: DNS rebinding. The impact is: execute arbitrary code (remote). The component is: WebDriver endpoint of Selenium Grid / Selenium Standalone Server. The attack vector is: Triggered by browsing to to a malicious remote web server. The WebDriver endpoint of Selenium Server (Grid) is vulnerable to DNS rebinding. This can be used to execute arbitrary code on the machine."}, {"lang": "es", "value": "Selenium Selenium Grid (anteriormente Selenium Standalone Server) Corregido en versi\u00f3n 4.0.0-alpha-7 est\u00e1 afectado por: Un reencuadre de DNS. El impacto es: ejecutar c\u00f3digo arbitrario (remoto). El componente es: WebDriver endpoint de Selenium Grid / Selenium Standalone Server. El vector de ataque es: Desencadenado por la navegaci\u00f3n a un servidor web remoto malicioso. El endpoint WebDriver de Selenium Server (Grid) es vulnerable a un reencuadre de DNS. Esto puede ser usado para ejecutar c\u00f3digo arbitrario en la m\u00e1quina"}], "id": "CVE-2022-28109", "lastModified": "2024-11-21T06:56:46.477", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-04-15T16:15:07.897", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/04/16/1"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Mitigation", "Third Party Advisory"], "url": "https://www.gabriel.urdhr.fr/2022/02/07/selenium-standalone-server-csrf-dns-rebinding-rce/"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://www.openwall.com/lists/oss-security/2022/02/07/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/04/16/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mitigation", "Third Party Advisory"], "url": "https://www.gabriel.urdhr.fr/2022/02/07/selenium-standalone-server-csrf-dns-rebinding-rce/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://www.openwall.com/lists/oss-security/2022/02/07/3"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "selenium-standalone: DNS-rebinding vulnerability", "id": "2076358", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2076358"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-352", "details": ["Selenium Selenium Grid (formerly Selenium Standalone Server) Fixed in 4.0.0-alpha-7 is affected by: DNS rebinding. The impact is: execute arbitrary code (remote). The component is: WebDriver endpoint of Selenium Grid / Selenium Standalone Server. The attack vector is: Triggered by browsing to to a malicious remote web server. The WebDriver endpoint of Selenium Server (Grid) is vulnerable to DNS rebinding. This can be used to execute arbitrary code on the machine.", "A flaw was found in the WebDriver endpoint of Selenium Grid suite. A malicious web server can be reached via Cross-Site Request Forgery (CSRF) and DNS-rebinding attacks. This issue could allow an attacker to execute arbitrary code on the machine."], "name": "CVE-2022-28109", "package_state": [{"cpe": "cpe:/a:redhat:rhel_dotnet:6.0", "fix_state": "Not affected", "package_name": "rh-dotnet60-dotnet", "product_name": ".NET 6.0 on Red Hat Enterprise Linux"}, {"cpe": "cpe:/a:redhat:rhel_dotnet:5.0", "fix_state": "Out of support scope", "package_name": "rh-dotnet50-dotnet", "product_name": ".NET Core 5.0 on Red Hat Enterprise Linux"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "mcm-topology-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/application-ui-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "dotnet5.0", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2022-04-15T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-28109\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-28109"], "statement": "dotnet is not affected by this flaw because it ships a newer version of the code.", "threat_severity": "Important"}