CVE-2023-35948 - OpenCVE

Novu provides an API for sending notifications through multiple channels. Versions prior to 0.16.0 contain an open redirect vulnerability in the "Sign In with GitHub" functionality of Novu's open-source repository. It could have allowed an attacker to force a victim into opening a malicious URL and thus, potentially log into the repository under the victim's account gaining full control of the account. This vulnerability only affected the Novu Cloud and Open-Source deployments if the user manually enabled the GitHub OAuth on their self-hosted instance of Novu. Users should upgrade to version 0.16.0 to receive a patch.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Novu	Novu

Configuration 1 [-]

cpe:2.3:a:novu:novu:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/novuhq/novu/pull/3510
https://github.com/novuhq/novu/security/advisories/GHSA-xxv3-m43w-gv79

History

Fri, 18 Oct 2024 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-07-06T14:47:22.310Z

Updated: 2024-10-18T19:16:20.549Z

Reserved: 2023-06-20T14:02:45.599Z

Link: CVE-2023-35948

Vulnrichment

Updated: 2024-08-02T16:37:40.539Z

NVD

Status : Analyzed

Published: 2023-07-06T15:15:15.903

Modified: 2023-07-12T22:59:03.060

Link: CVE-2023-35948

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-35948", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-06-20T14:02:45.599Z", "datePublished": "2023-07-06T14:47:22.310Z", "dateUpdated": "2024-10-18T19:16:20.549Z"}, "containers": {"cna": {"title": "Novu Open Redirect Vulnerability in Sign-In with GitHub Functionality", "problemTypes": [{"descriptions": [{"cweId": "CWE-601", "lang": "en", "description": "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/novuhq/novu/security/advisories/GHSA-xxv3-m43w-gv79", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/novuhq/novu/security/advisories/GHSA-xxv3-m43w-gv79"}, {"name": "https://github.com/novuhq/novu/pull/3510", "tags": ["x_refsource_MISC"], "url": "https://github.com/novuhq/novu/pull/3510"}], "affected": [{"vendor": "novuhq", "product": "novu", "versions": [{"version": "< 0.16.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-07-06T14:47:22.310Z"}, "descriptions": [{"lang": "en", "value": "Novu provides an API for sending notifications through multiple channels. Versions prior to 0.16.0 contain an open redirect vulnerability in the \"Sign In with GitHub\" functionality of Novu's open-source repository. It could have allowed an attacker to force a victim into opening a malicious URL and thus, potentially log into the repository under the victim's account gaining full control of the account. This vulnerability only affected the Novu Cloud and Open-Source deployments if the user manually enabled the GitHub OAuth on their self-hosted instance of Novu. Users should upgrade to version 0.16.0 to receive a patch."}], "source": {"advisory": "GHSA-xxv3-m43w-gv79", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T16:37:40.539Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/novuhq/novu/security/advisories/GHSA-xxv3-m43w-gv79", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/novuhq/novu/security/advisories/GHSA-xxv3-m43w-gv79"}, {"name": "https://github.com/novuhq/novu/pull/3510", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/novuhq/novu/pull/3510"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-18T18:58:15.593003Z", "id": "CVE-2023-35948", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-18T19:16:20.549Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/novuhq/novu/security/advisories/GHSA-xxv3-m43w-gv79", "name": "https://github.com/novuhq/novu/security/advisories/GHSA-xxv3-m43w-gv79", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/novuhq/novu/pull/3510", "name": "https://github.com/novuhq/novu/pull/3510", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T16:37:40.539Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-35948", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-18T18:58:15.593003Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-18T19:16:15.591Z"}}], "cna": {"title": "Novu Open Redirect Vulnerability in Sign-In with GitHub Functionality", "source": {"advisory": "GHSA-xxv3-m43w-gv79", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "novuhq", "product": "novu", "versions": [{"status": "affected", "version": "< 0.16.0"}]}], "references": [{"url": "https://github.com/novuhq/novu/security/advisories/GHSA-xxv3-m43w-gv79", "name": "https://github.com/novuhq/novu/security/advisories/GHSA-xxv3-m43w-gv79", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/novuhq/novu/pull/3510", "name": "https://github.com/novuhq/novu/pull/3510", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Novu provides an API for sending notifications through multiple channels. Versions prior to 0.16.0 contain an open redirect vulnerability in the \"Sign In with GitHub\" functionality of Novu's open-source repository. It could have allowed an attacker to force a victim into opening a malicious URL and thus, potentially log into the repository under the victim's account gaining full control of the account. This vulnerability only affected the Novu Cloud and Open-Source deployments if the user manually enabled the GitHub OAuth on their self-hosted instance of Novu. Users should upgrade to version 0.16.0 to receive a patch."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-601", "description": "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-07-06T14:47:22.310Z"}}}, "cveMetadata": {"cveId": "CVE-2023-35948", "state": "PUBLISHED", "dateUpdated": "2024-10-18T19:16:20.549Z", "dateReserved": "2023-06-20T14:02:45.599Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2023-07-06T14:47:22.310Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:novu:novu:*:*:*:*:*:*:*:*", "matchCriteriaId": "785E20EF-B407-4B45-B990-217927C2702D", "versionEndExcluding": "0.16", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Novu provides an API for sending notifications through multiple channels. Versions prior to 0.16.0 contain an open redirect vulnerability in the \"Sign In with GitHub\" functionality of Novu's open-source repository. It could have allowed an attacker to force a victim into opening a malicious URL and thus, potentially log into the repository under the victim's account gaining full control of the account. This vulnerability only affected the Novu Cloud and Open-Source deployments if the user manually enabled the GitHub OAuth on their self-hosted instance of Novu. Users should upgrade to version 0.16.0 to receive a patch."}], "id": "CVE-2023-35948", "lastModified": "2023-07-12T22:59:03.060", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-07-06T15:15:15.903", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/novuhq/novu/pull/3510"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/novuhq/novu/security/advisories/GHSA-xxv3-m43w-gv79"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-601"}], "source": "security-advisories@github.com", "type": "Primary"}]}