CVE-2023-33185 - OpenCVE

Django-SES is a drop-in mail backend for Django. The django_ses library implements a mail backend for Django using AWS Simple Email Service. The library exports the `SESEventWebhookView class` intended to receive signed requests from AWS to handle email bounces, subscriptions, etc. These requests are signed by AWS and are verified by django_ses, however the verification of this signature was found to be flawed as it allowed users to specify arbitrary public certificates. This issue was patched in version 3.5.0.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Django-ses Project	Django-ses

Configuration 1 [-]

cpe:2.3:a:django-ses_project:django-ses:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/django-ses/django-ses/blob/3d627067935876487f9938310d5e1fbb249a7778/CVE/001-cert-url-signature-verification.md
https://github.com/django-ses/django-ses/commit/b71b5f413293a13997b6e6314086cb9c22629795
https://github.com/django-ses/django-ses/security/advisories/GHSA-qg36-9jxh-fj25

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-05-26T20:03:33.725Z

Updated: 2024-08-02T15:39:35.828Z

Reserved: 2023-05-17T22:25:50.697Z

Link: CVE-2023-33185

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-05-26T21:15:20.527

Modified: 2023-06-06T18:09:12.467

Link: CVE-2023-33185

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-33185", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-05-17T22:25:50.697Z", "datePublished": "2023-05-26T20:03:33.725Z", "dateUpdated": "2024-08-02T15:39:35.828Z"}, "containers": {"cna": {"title": "Incorrect signature verification in django-ses", "problemTypes": [{"descriptions": [{"cweId": "CWE-347", "lang": "en", "description": "CWE-347: Improper Verification of Cryptographic Signature", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/django-ses/django-ses/security/advisories/GHSA-qg36-9jxh-fj25", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/django-ses/django-ses/security/advisories/GHSA-qg36-9jxh-fj25"}, {"name": "https://github.com/django-ses/django-ses/commit/b71b5f413293a13997b6e6314086cb9c22629795", "tags": ["x_refsource_MISC"], "url": "https://github.com/django-ses/django-ses/commit/b71b5f413293a13997b6e6314086cb9c22629795"}, {"name": "https://github.com/django-ses/django-ses/blob/3d627067935876487f9938310d5e1fbb249a7778/CVE/001-cert-url-signature-verification.md", "tags": ["x_refsource_MISC"], "url": "https://github.com/django-ses/django-ses/blob/3d627067935876487f9938310d5e1fbb249a7778/CVE/001-cert-url-signature-verification.md"}], "affected": [{"vendor": "django-ses", "product": "django-ses", "versions": [{"version": "< 3.5.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-05-26T20:03:33.725Z"}, "descriptions": [{"lang": "en", "value": "Django-SES is a drop-in mail backend for Django. The django_ses library implements a mail backend for Django using AWS Simple Email Service. The library exports the `SESEventWebhookView class` intended to receive signed requests from AWS to handle email bounces, subscriptions, etc. These requests are signed by AWS and are verified by django_ses, however the verification of this signature was found to be flawed as it allowed users to specify arbitrary public certificates. This issue was patched in version 3.5.0."}], "source": {"advisory": "GHSA-qg36-9jxh-fj25", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T15:39:35.828Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/django-ses/django-ses/security/advisories/GHSA-qg36-9jxh-fj25", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/django-ses/django-ses/security/advisories/GHSA-qg36-9jxh-fj25"}, {"name": "https://github.com/django-ses/django-ses/commit/b71b5f413293a13997b6e6314086cb9c22629795", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/django-ses/django-ses/commit/b71b5f413293a13997b6e6314086cb9c22629795"}, {"name": "https://github.com/django-ses/django-ses/blob/3d627067935876487f9938310d5e1fbb249a7778/CVE/001-cert-url-signature-verification.md", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/django-ses/django-ses/blob/3d627067935876487f9938310d5e1fbb249a7778/CVE/001-cert-url-signature-verification.md"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:django-ses_project:django-ses:*:*:*:*:*:*:*:*", "matchCriteriaId": "B87C9D64-0546-4BC8-B456-D2EB87E34F57", "versionEndExcluding": "3.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Django-SES is a drop-in mail backend for Django. The django_ses library implements a mail backend for Django using AWS Simple Email Service. The library exports the `SESEventWebhookView class` intended to receive signed requests from AWS to handle email bounces, subscriptions, etc. These requests are signed by AWS and are verified by django_ses, however the verification of this signature was found to be flawed as it allowed users to specify arbitrary public certificates. This issue was patched in version 3.5.0."}], "id": "CVE-2023-33185", "lastModified": "2023-06-06T18:09:12.467", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-05-26T21:15:20.527", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/django-ses/django-ses/blob/3d627067935876487f9938310d5e1fbb249a7778/CVE/001-cert-url-signature-verification.md"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/django-ses/django-ses/commit/b71b5f413293a13997b6e6314086cb9c22629795"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/django-ses/django-ses/security/advisories/GHSA-qg36-9jxh-fj25"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-347"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-347"}], "source": "security-advisories@github.com", "type": "Secondary"}]}