CVE-2023-37268 - OpenCVE

Warpgate is an SSH, HTTPS and MySQL bastion host for Linux that doesn't need special client apps. When logging in as a user with SSO enabled an attacker may authenticate as an other user. Any user account which does not have a second factor enabled could be compromised. This issue has been addressed in commit `8173f6512a` and in releases starting with version 0.7.3. Users are advised to upgrade. Users unable to upgrade should require their users to use a second factor in authentication.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Warpgate Project	Warpgate

Configuration 1 [-]

cpe:2.3:a:warpgate_project:warpgate:0.7.2:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/warp-tech/warpgate/commit/8173f6512ab6183fa5edc5c9a5f3760b8979271e
https://github.com/warp-tech/warpgate/security/advisories/GHSA-868r-97g5-r9g4

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-07-14T21:02:00.786Z

Updated: 2024-08-02T17:09:33.241Z

Reserved: 2023-06-29T19:35:26.438Z

Link: CVE-2023-37268

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-07-14T22:15:09.317

Modified: 2023-07-28T13:40:59.173

Link: CVE-2023-37268

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-37268", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-06-29T19:35:26.438Z", "datePublished": "2023-07-14T21:02:00.786Z", "dateUpdated": "2024-08-02T17:09:33.241Z"}, "containers": {"cna": {"title": "User login confusion with SSO in warpgate", "problemTypes": [{"descriptions": [{"cweId": "CWE-287", "lang": "en", "description": "CWE-287: Improper Authentication", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/warp-tech/warpgate/security/advisories/GHSA-868r-97g5-r9g4", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/warp-tech/warpgate/security/advisories/GHSA-868r-97g5-r9g4"}, {"name": "https://github.com/warp-tech/warpgate/commit/8173f6512ab6183fa5edc5c9a5f3760b8979271e", "tags": ["x_refsource_MISC"], "url": "https://github.com/warp-tech/warpgate/commit/8173f6512ab6183fa5edc5c9a5f3760b8979271e"}], "affected": [{"vendor": "warp-tech", "product": "warpgate", "versions": [{"version": "< 0.7.3", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-07-14T21:02:00.786Z"}, "descriptions": [{"lang": "en", "value": "Warpgate is an SSH, HTTPS and MySQL bastion host for Linux that doesn't need special client apps. When logging in as a user with SSO enabled an attacker may authenticate as an other user. Any user account which does not have a second factor enabled could be compromised. This issue has been addressed in commit `8173f6512a` and in releases starting with version 0.7.3. Users are advised to upgrade. Users unable to upgrade should require their users to use a second factor in authentication."}], "source": {"advisory": "GHSA-868r-97g5-r9g4", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:09:33.241Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/warp-tech/warpgate/security/advisories/GHSA-868r-97g5-r9g4", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/warp-tech/warpgate/security/advisories/GHSA-868r-97g5-r9g4"}, {"name": "https://github.com/warp-tech/warpgate/commit/8173f6512ab6183fa5edc5c9a5f3760b8979271e", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/warp-tech/warpgate/commit/8173f6512ab6183fa5edc5c9a5f3760b8979271e"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:warpgate_project:warpgate:0.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "4186EF0A-7EF9-4894-A349-580867C01F9A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Warpgate is an SSH, HTTPS and MySQL bastion host for Linux that doesn't need special client apps. When logging in as a user with SSO enabled an attacker may authenticate as an other user. Any user account which does not have a second factor enabled could be compromised. This issue has been addressed in commit `8173f6512a` and in releases starting with version 0.7.3. Users are advised to upgrade. Users unable to upgrade should require their users to use a second factor in authentication."}], "id": "CVE-2023-37268", "lastModified": "2023-07-28T13:40:59.173", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.2, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-07-14T22:15:09.317", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/warp-tech/warpgate/commit/8173f6512ab6183fa5edc5c9a5f3760b8979271e"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/warp-tech/warpgate/security/advisories/GHSA-868r-97g5-r9g4"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "security-advisories@github.com", "type": "Primary"}]}