CVE-2023-39422 - OpenCVE

The /irmdata/api/ endpoints exposed by the IRM Next Generation booking engine authenticates requests using HMAC tokens. These tokens are however exposed in a JavaScript file loaded on the client side, thus rendering this extra safety mechanism useless.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Resortdata	Internet Reservation Module Next Generation

Configuration 1 [-]

cpe:2.3:a:resortdata:internet_reservation_module_next_generation:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://bitdefender.com/blog/labs/check-out-with-extra-charges-vulnerabilities-in-hotel-booking-engine-explained

History

No history.

MITRE

Status: PUBLISHED

Assigner: Bitdefender

Published: 2023-09-07T12:22:52.239Z

Updated: 2024-08-02T18:10:20.742Z

Reserved: 2023-08-01T15:26:26.149Z

Link: CVE-2023-39422

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-09-07T13:15:08.710

Modified: 2023-09-12T00:08:38.390

Link: CVE-2023-39422

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-39422", "assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82", "state": "PUBLISHED", "assignerShortName": "Bitdefender", "dateReserved": "2023-08-01T15:26:26.149Z", "datePublished": "2023-09-07T12:22:52.239Z", "dateUpdated": "2024-08-02T18:10:20.742Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["/irmdata/api/"], "product": "IRM Next Generation", "vendor": "Resort Data Processing, Inc.", "versions": [{"status": "unknown", "version": "5"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Bitdefender Cyber-Threat Intelligence Lab"}], "datePublic": "2023-09-07T09:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The <span style=\"background-color: rgb(255, 255, 255);\">/irmdata/api/ endpoints exposed by the</span> IRM Next Generation booking engine authenticates requests using HMAC tokens. These tokens are however exposed in a JavaScript file loaded on the client side, thus rendering this extra safety mechanism useless."}], "value": "The\u00a0/irmdata/api/ endpoints exposed by the\u00a0IRM Next Generation booking engine authenticates requests using HMAC tokens. These tokens are however exposed in a JavaScript file loaded on the client side, thus rendering this extra safety mechanism useless."}], "impacts": [{"capecId": "CAPEC-61", "descriptions": [{"lang": "en", "value": "CAPEC-61 Session Fixation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-798", "description": "CWE-798 Use of Hard-coded Credentials", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82", "shortName": "Bitdefender", "dateUpdated": "2023-09-07T12:22:52.239Z"}, "references": [{"url": "https://bitdefender.com/blog/labs/check-out-with-extra-charges-vulnerabilities-in-hotel-booking-engine-explained"}], "source": {"discovery": "EXTERNAL"}, "title": "Use of Hard-coded Credentials in multiple /irmdata/api/ endpoints", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:10:20.742Z"}, "title": "CVE Program Container", "references": [{"url": "https://bitdefender.com/blog/labs/check-out-with-extra-charges-vulnerabilities-in-hotel-booking-engine-explained", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:resortdata:internet_reservation_module_next_generation:-:*:*:*:*:*:*:*", "matchCriteriaId": "6BCCB65A-86A1-4C73-A33B-DE4E5B03F21F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The\u00a0/irmdata/api/ endpoints exposed by the\u00a0IRM Next Generation booking engine authenticates requests using HMAC tokens. These tokens are however exposed in a JavaScript file loaded on the client side, thus rendering this extra safety mechanism useless."}, {"lang": "es", "value": "Los extremos /irmdata/api/ endpoints expuestos por el motor de reservas de IRM Next Generation autentican las solicitudes mediante tokens HMAC. Sin embargo, estos tokens se exponen en un archivo JavaScript cargado en el lado del cliente, lo que hace que este mecanismo de seguridad adicional sea in\u00fatil. "}], "id": "CVE-2023-39422", "lastModified": "2023-09-12T00:08:38.390", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "cve-requests@bitdefender.com", "type": "Secondary"}]}, "published": "2023-09-07T13:15:08.710", "references": [{"source": "cve-requests@bitdefender.com", "tags": ["Third Party Advisory"], "url": "https://bitdefender.com/blog/labs/check-out-with-extra-charges-vulnerabilities-in-hotel-booking-engine-explained"}], "sourceIdentifier": "cve-requests@bitdefender.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}], "source": "cve-requests@bitdefender.com", "type": "Primary"}]}