CVE-2022-35943 - OpenCVE

Shield is an authentication and authorization framework for CodeIgniter 4. This vulnerability may allow [SameSite Attackers](https://canitakeyoursubdomain.name/) to bypass the [CodeIgniter4 CSRF protection](https://codeigniter4.github.io/userguide/libraries/security.html) mechanism with CodeIgniter Shield. For this attack to succeed, the attacker must have direct (or indirect, e.g., XSS) control over a subdomain site (e.g., `https://a.example.com/`) of the target site (e.g., `http://example.com/`). Upgrade to **CodeIgniter v4.2.3 or later** and **Shield v1.0.0-beta.2 or later**. As a workaround: set `Config\Security::$csrfProtection` to `'session,'`remove old session data right after login (immediately after ID and password match) and regenerate CSRF token right after login (immediately after ID and password match)

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Codeigniter	Codeigniter Shield

Configuration 1 [-]

OR	cpe:2.3:a:codeigniter:codeigniter::::::::
	cpe:2.3:a:codeigniter:shield:1.0.0:beta::::::

No data.

References

Link	Providers
https://codeigniter4.github.io/userguide/libraries/security.htm
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
https://github.com/codeigniter4/shield/security/advisories/GHSA-5hm8-vh6r-2cjq
https://jub0bs.com/posts/2021-01-29-great-samesite-confusion

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2022-08-12T20:55:10

Updated: 2024-08-03T09:51:59.707Z

Reserved: 2022-07-15T00:00:00

Link: CVE-2022-35943

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-08-12T21:15:07.803

Modified: 2022-08-16T16:06:44.540

Link: CVE-2022-35943

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "shield", "vendor": "codeigniter4", "versions": [{"status": "affected", "version": "> 4.3.2, > v1.0.0-beta.2"}]}], "descriptions": [{"lang": "en", "value": "Shield is an authentication and authorization framework for CodeIgniter 4. This vulnerability may allow [SameSite Attackers](https://canitakeyoursubdomain.name/) to bypass the [CodeIgniter4 CSRF protection](https://codeigniter4.github.io/userguide/libraries/security.html) mechanism with CodeIgniter Shield. For this attack to succeed, the attacker must have direct (or indirect, e.g., XSS) control over a subdomain site (e.g., `https://a.example.com/`) of the target site (e.g., `http://example.com/`). Upgrade to **CodeIgniter v4.2.3 or later** and **Shield v1.0.0-beta.2 or later**. As a workaround: set `Config\\Security::$csrfProtection` to `'session,'`remove old session data right after login (immediately after ID and password match) and regenerate CSRF token right after login (immediately after ID and password match)"}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-352", "description": "CWE-352: Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-08-12T20:55:10", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/codeigniter4/shield/security/advisories/GHSA-5hm8-vh6r-2cjq"}, {"tags": ["x_refsource_MISC"], "url": "https://codeigniter4.github.io/userguide/libraries/security.htm"}, {"tags": ["x_refsource_MISC"], "url": "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite"}, {"tags": ["x_refsource_MISC"], "url": "https://jub0bs.com/posts/2021-01-29-great-samesite-confusion"}], "source": {"advisory": "GHSA-5hm8-vh6r-2cjq", "discovery": "UNKNOWN"}, "title": "SameSite may allow cross-site request forgery (CSRF) protection to be bypassed", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-35943", "STATE": "PUBLIC", "TITLE": "SameSite may allow cross-site request forgery (CSRF) protection to be bypassed"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "shield", "version": {"version_data": [{"version_value": "> 4.3.2, > v1.0.0-beta.2"}]}}]}, "vendor_name": "codeigniter4"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Shield is an authentication and authorization framework for CodeIgniter 4. This vulnerability may allow [SameSite Attackers](https://canitakeyoursubdomain.name/) to bypass the [CodeIgniter4 CSRF protection](https://codeigniter4.github.io/userguide/libraries/security.html) mechanism with CodeIgniter Shield. For this attack to succeed, the attacker must have direct (or indirect, e.g., XSS) control over a subdomain site (e.g., `https://a.example.com/`) of the target site (e.g., `http://example.com/`). Upgrade to **CodeIgniter v4.2.3 or later** and **Shield v1.0.0-beta.2 or later**. As a workaround: set `Config\\Security::$csrfProtection` to `'session,'`remove old session data right after login (immediately after ID and password match) and regenerate CSRF token right after login (immediately after ID and password match)"}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-352: Cross-Site Request Forgery (CSRF)"}]}]}, "references": {"reference_data": [{"name": "https://github.com/codeigniter4/shield/security/advisories/GHSA-5hm8-vh6r-2cjq", "refsource": "CONFIRM", "url": "https://github.com/codeigniter4/shield/security/advisories/GHSA-5hm8-vh6r-2cjq"}, {"name": "https://codeigniter4.github.io/userguide/libraries/security.htm", "refsource": "MISC", "url": "https://codeigniter4.github.io/userguide/libraries/security.htm"}, {"name": "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite", "refsource": "MISC", "url": "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite"}, {"name": "https://jub0bs.com/posts/2021-01-29-great-samesite-confusion", "refsource": "MISC", "url": "https://jub0bs.com/posts/2021-01-29-great-samesite-confusion"}]}, "source": {"advisory": "GHSA-5hm8-vh6r-2cjq", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T09:51:59.707Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/codeigniter4/shield/security/advisories/GHSA-5hm8-vh6r-2cjq"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://codeigniter4.github.io/userguide/libraries/security.htm"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://jub0bs.com/posts/2021-01-29-great-samesite-confusion"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-35943", "datePublished": "2022-08-12T20:55:10", "dateReserved": "2022-07-15T00:00:00", "dateUpdated": "2024-08-03T09:51:59.707Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:codeigniter:codeigniter:*:*:*:*:*:*:*:*", "matchCriteriaId": "FBF0023B-014D-4BB0-A3C9-9A73D58C0C15", "versionEndExcluding": "4.2.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:codeigniter:shield:1.0.0:beta:*:*:*:*:*:*", "matchCriteriaId": "B1E3F1E0-C2D7-4EC5-AD04-AEB414A3D71C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Shield is an authentication and authorization framework for CodeIgniter 4. This vulnerability may allow [SameSite Attackers](https://canitakeyoursubdomain.name/) to bypass the [CodeIgniter4 CSRF protection](https://codeigniter4.github.io/userguide/libraries/security.html) mechanism with CodeIgniter Shield. For this attack to succeed, the attacker must have direct (or indirect, e.g., XSS) control over a subdomain site (e.g., `https://a.example.com/`) of the target site (e.g., `http://example.com/`). Upgrade to **CodeIgniter v4.2.3 or later** and **Shield v1.0.0-beta.2 or later**. As a workaround: set `Config\\Security::$csrfProtection` to `'session,'`remove old session data right after login (immediately after ID and password match) and regenerate CSRF token right after login (immediately after ID and password match)"}, {"lang": "es", "value": "Shield es un marco de autenticaci\u00f3n y autorizaci\u00f3n para CodeIgniter 4. Esta vulnerabilidad puede permitir a [Atacantes del Mismo Sitio](https://canitakeyoursubdomain.name/) omitir el mecanismo de [protecci\u00f3n CSRF de CodeIgniter4](https://codeigniter4.github.io/userguide/libraries/security.html) con CodeIgniter Shield. Para que este ataque tenga \u00e9xito, el atacante debe tener control directo (o indirecto, por ejemplo, de tipo XSS) sobre un sitio subdominio (por ejemplo, \"https://a.example.com/\") del sitio objetivo (por ejemplo, \"http://example.com/\"). Actualice a **CodeIgniter versiones v4.2.3 o posteriores** y **Shield versiones v1.0.0-beta.2 o posteriores**. Como mitigaci\u00f3n: establezca \"Config\\Security::$csrfProtection\" como \"\"sesi\u00f3n,\"\"elimine los datos de la sesi\u00f3n antigua justo despu\u00e9s del inicio de sesi\u00f3n (inmediatamente despu\u00e9s de que el ID y la contrase\u00f1a coincidan) y regenere el token CSRF justo despu\u00e9s del inicio de sesi\u00f3n (inmediatamente despu\u00e9s de que el ID y la contrase\u00f1a coincidan)"}], "id": "CVE-2022-35943", "lastModified": "2022-08-16T16:06:44.540", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 4.2, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2022-08-12T21:15:07.803", "references": [{"source": "security-advisories@github.com", "tags": ["Broken Link"], "url": "https://codeigniter4.github.io/userguide/libraries/security.htm"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Mitigation", "Third Party Advisory"], "url": "https://github.com/codeigniter4/shield/security/advisories/GHSA-5hm8-vh6r-2cjq"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://jub0bs.com/posts/2021-01-29-great-samesite-confusion"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "security-advisories@github.com", "type": "Primary"}]}