CVE-2023-35167 - OpenCVE

Remult is a CRUD framework for full-stack TypeScript. If you used the apiPrefilter option of the `@Entity` decorator, by setting it to a function that returns a filter that prevents unauthorized access to data, an attacker who knows the `id` of an entity instance is not authorized to access, can gain read, update and delete access to it. The issue is fixed in version 0.20.6. As a workaround, set the `apiPrefilter` option to a filter object instead of a function.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Remult	Remult

Configuration 1 [-]

cpe:2.3:a:remult:remult:*:*:*:*:*:node.js:*:*

No data.

References

Link	Providers
https://github.com/remult/remult/commit/6892ae97134126d8710ef7302bb2fc37730994c5
https://github.com/remult/remult/releases/tag/v0.20.6
https://github.com/remult/remult/security/advisories/GHSA-7hh3-3x64-v2g9

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-06-23T19:03:54.753Z

Updated: 2024-08-02T16:23:59.673Z

Reserved: 2023-06-14T14:17:52.179Z

Link: CVE-2023-35167

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-06-23T20:15:09.227

Modified: 2023-07-05T16:17:49.733

Link: CVE-2023-35167

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-35167", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-06-14T14:17:52.179Z", "datePublished": "2023-06-23T19:03:54.753Z", "dateUpdated": "2024-08-02T16:23:59.673Z"}, "containers": {"cna": {"title": "When setting EntityOptions.apiPrefilter to a function, the filter is not applied to API requests for a resource by Id", "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "lang": "en", "description": "CWE-284: Improper Access Control", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/remult/remult/security/advisories/GHSA-7hh3-3x64-v2g9", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/remult/remult/security/advisories/GHSA-7hh3-3x64-v2g9"}, {"name": "https://github.com/remult/remult/commit/6892ae97134126d8710ef7302bb2fc37730994c5", "tags": ["x_refsource_MISC"], "url": "https://github.com/remult/remult/commit/6892ae97134126d8710ef7302bb2fc37730994c5"}, {"name": "https://github.com/remult/remult/releases/tag/v0.20.6", "tags": ["x_refsource_MISC"], "url": "https://github.com/remult/remult/releases/tag/v0.20.6"}], "affected": [{"vendor": "remult", "product": "remult", "versions": [{"version": "< 0.20.6", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-06-23T19:03:54.753Z"}, "descriptions": [{"lang": "en", "value": "Remult is a CRUD framework for full-stack TypeScript. If you used the apiPrefilter option of the `@Entity` decorator, by setting it to a function that returns a filter that prevents unauthorized access to data, an attacker who knows the `id` of an entity instance is not authorized to access, can gain read, update and delete access to it. The issue is fixed in version 0.20.6. As a workaround, set the `apiPrefilter` option to a filter object instead of a function."}], "source": {"advisory": "GHSA-7hh3-3x64-v2g9", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T16:23:59.673Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/remult/remult/security/advisories/GHSA-7hh3-3x64-v2g9", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/remult/remult/security/advisories/GHSA-7hh3-3x64-v2g9"}, {"name": "https://github.com/remult/remult/commit/6892ae97134126d8710ef7302bb2fc37730994c5", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/remult/remult/commit/6892ae97134126d8710ef7302bb2fc37730994c5"}, {"name": "https://github.com/remult/remult/releases/tag/v0.20.6", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/remult/remult/releases/tag/v0.20.6"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:remult:remult:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "AD3B9675-5858-4D19-BAC9-FB474B5A650D", "versionEndExcluding": "0.20.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Remult is a CRUD framework for full-stack TypeScript. If you used the apiPrefilter option of the `@Entity` decorator, by setting it to a function that returns a filter that prevents unauthorized access to data, an attacker who knows the `id` of an entity instance is not authorized to access, can gain read, update and delete access to it. The issue is fixed in version 0.20.6. As a workaround, set the `apiPrefilter` option to a filter object instead of a function."}], "id": "CVE-2023-35167", "lastModified": "2023-07-05T16:17:49.733", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 3.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-06-23T20:15:09.227", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/remult/remult/commit/6892ae97134126d8710ef7302bb2fc37730994c5"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/remult/remult/releases/tag/v0.20.6"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/remult/remult/security/advisories/GHSA-7hh3-3x64-v2g9"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "security-advisories@github.com", "type": "Primary"}]}