CVE-2023-25569 - OpenCVE

Apollo is a configuration management system. Prior to version 2.1.0, a low-privileged user can create a special web page. If an authenticated portal admin visits this page, the page can silently send a request to assign new roles for that user without any confirmation from the Portal admin. Cookie SameSite strategy was set to Lax in version 2.1.0. As a workaround, avoid visiting unknown source pages.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apolloconfig	Apollo

Configuration 1 [-]

cpe:2.3:a:apolloconfig:apollo:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/apolloconfig/apollo/commit/00d968a7229f809b0d8ed0532e8c01a6c2b7c750
https://github.com/apolloconfig/apollo/pull/4664
https://github.com/apolloconfig/apollo/releases/tag/v2.1.0
https://github.com/apolloconfig/apollo/security/advisories/GHSA-fmxq-v8mg-qh25
https://www.apolloconfig.com/#/en/usage/apollo-user-guide?id=_71-security-related

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-02-20T15:12:35.031Z

Updated: 2024-08-02T11:25:19.161Z

Reserved: 2023-02-07T17:10:00.738Z

Link: CVE-2023-25569

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-02-20T16:15:10.503

Modified: 2023-11-07T04:09:00.940

Link: CVE-2023-25569

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-25569", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-02-07T17:10:00.738Z", "datePublished": "2023-02-20T15:12:35.031Z", "dateUpdated": "2024-08-02T11:25:19.161Z"}, "containers": {"cna": {"title": "apollo-portal has potential CSRF issue", "problemTypes": [{"descriptions": [{"cweId": "CWE-352", "lang": "en", "description": "CWE-352: Cross-Site Request Forgery (CSRF)", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/apolloconfig/apollo/security/advisories/GHSA-fmxq-v8mg-qh25", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/apolloconfig/apollo/security/advisories/GHSA-fmxq-v8mg-qh25"}, {"name": "https://github.com/apolloconfig/apollo/pull/4664", "tags": ["x_refsource_MISC"], "url": "https://github.com/apolloconfig/apollo/pull/4664"}, {"name": "https://github.com/apolloconfig/apollo/commit/00d968a7229f809b0d8ed0532e8c01a6c2b7c750", "tags": ["x_refsource_MISC"], "url": "https://github.com/apolloconfig/apollo/commit/00d968a7229f809b0d8ed0532e8c01a6c2b7c750"}, {"name": "https://github.com/apolloconfig/apollo/releases/tag/v2.1.0", "tags": ["x_refsource_MISC"], "url": "https://github.com/apolloconfig/apollo/releases/tag/v2.1.0"}, {"name": "https://www.apolloconfig.com/#/en/usage/apollo-user-guide?id=_71-security-related", "tags": ["x_refsource_MISC"], "url": "https://www.apolloconfig.com/#/en/usage/apollo-user-guide?id=_71-security-related"}], "affected": [{"vendor": "apolloconfig", "product": "apollo", "versions": [{"version": "< 2.1.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-02-20T15:12:35.031Z"}, "descriptions": [{"lang": "en", "value": "Apollo is a configuration management system. Prior to version 2.1.0, a low-privileged user can create a special web page. If an authenticated portal admin visits this page, the page can silently send a request to assign new roles for that user without any confirmation from the Portal admin. Cookie SameSite strategy was set to Lax in version 2.1.0. As a workaround, avoid visiting unknown source pages.\n"}], "source": {"advisory": "GHSA-fmxq-v8mg-qh25", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T11:25:19.161Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/apolloconfig/apollo/security/advisories/GHSA-fmxq-v8mg-qh25", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/apolloconfig/apollo/security/advisories/GHSA-fmxq-v8mg-qh25"}, {"name": "https://github.com/apolloconfig/apollo/pull/4664", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/apolloconfig/apollo/pull/4664"}, {"name": "https://github.com/apolloconfig/apollo/commit/00d968a7229f809b0d8ed0532e8c01a6c2b7c750", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/apolloconfig/apollo/commit/00d968a7229f809b0d8ed0532e8c01a6c2b7c750"}, {"name": "https://github.com/apolloconfig/apollo/releases/tag/v2.1.0", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/apolloconfig/apollo/releases/tag/v2.1.0"}, {"name": "https://www.apolloconfig.com/#/en/usage/apollo-user-guide?id=_71-security-related", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.apolloconfig.com/#/en/usage/apollo-user-guide?id=_71-security-related"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apolloconfig:apollo:*:*:*:*:*:*:*:*", "matchCriteriaId": "799ED7FE-4FAA-475E-A4E6-2F3179879F3E", "versionEndExcluding": "2.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Apollo is a configuration management system. Prior to version 2.1.0, a low-privileged user can create a special web page. If an authenticated portal admin visits this page, the page can silently send a request to assign new roles for that user without any confirmation from the Portal admin. Cookie SameSite strategy was set to Lax in version 2.1.0. As a workaround, avoid visiting unknown source pages.\n"}], "id": "CVE-2023-25569", "lastModified": "2023-11-07T04:09:00.940", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-02-20T16:15:10.503", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/apolloconfig/apollo/commit/00d968a7229f809b0d8ed0532e8c01a6c2b7c750"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/apolloconfig/apollo/pull/4664"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/apolloconfig/apollo/releases/tag/v2.1.0"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/apolloconfig/apollo/security/advisories/GHSA-fmxq-v8mg-qh25"}, {"source": "security-advisories@github.com", "tags": ["Product"], "url": "https://www.apolloconfig.com/#/en/usage/apollo-user-guide?id=_71-security-related"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-352"}], "source": "security-advisories@github.com", "type": "Secondary"}]}