CVE-2023-50708 - OpenCVE

yii2-authclient is an extension that adds OpenID, OAuth, OAuth2 and OpenId Connect consumers for the Yii framework 2.0. In yii2-authclient prior to version 2.2.15, the Oauth1/2 `state` and OpenID Connect `nonce` is vulnerable for a `timing attack` since it is compared via regular string comparison (instead of `Yii::$app->getSecurity()->compareString()`). Version 2.2.15 contains a patch for the issue. No known workarounds are available.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Yiiframework	Yii2-authclient

Configuration 1 [-]

cpe:2.3:a:yiiframework:yii2-authclient:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/yiisoft/yii2-authclient/blob/0d1c3880f4d79e20aa1d77c012650b54e69695ff/src/OAuth1.php#L158
https://github.com/yiisoft/yii2-authclient/blob/0d1c3880f4d79e20aa1d77c012650b54e69695ff/src/OAuth2.php#L121
https://github.com/yiisoft/yii2-authclient/blob/0d1c3880f4d79e20aa1d77c012650b54e69695ff/src/OpenIdConnect.php#L420
https://github.com/yiisoft/yii2-authclient/commit/dabddf2154ab7e7703740205a069202554089248
https://github.com/yiisoft/yii2-authclient/security/advisories/GHSA-w8vh-p74j-x9xp

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-12-22T18:25:01.925Z

Updated: 2024-08-02T22:16:47.124Z

Reserved: 2023-12-11T17:53:36.027Z

Link: CVE-2023-50708

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-12-22T19:15:08.840

Modified: 2024-01-08T17:42:45.933

Link: CVE-2023-50708

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-50708", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-12-11T17:53:36.027Z", "datePublished": "2023-12-22T18:25:01.925Z", "dateUpdated": "2024-08-02T22:16:47.124Z"}, "containers": {"cna": {"title": "yii2-authclient vulnerable to possible timing attack on string comparison in OAuth1, OAuth2 and OpenID Connect implementation", "problemTypes": [{"descriptions": [{"cweId": "CWE-203", "lang": "en", "description": "CWE-203: Observable Discrepancy", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/yiisoft/yii2-authclient/security/advisories/GHSA-w8vh-p74j-x9xp", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/yiisoft/yii2-authclient/security/advisories/GHSA-w8vh-p74j-x9xp"}, {"name": "https://github.com/yiisoft/yii2-authclient/commit/dabddf2154ab7e7703740205a069202554089248", "tags": ["x_refsource_MISC"], "url": "https://github.com/yiisoft/yii2-authclient/commit/dabddf2154ab7e7703740205a069202554089248"}, {"name": "https://github.com/yiisoft/yii2-authclient/blob/0d1c3880f4d79e20aa1d77c012650b54e69695ff/src/OAuth1.php#L158", "tags": ["x_refsource_MISC"], "url": "https://github.com/yiisoft/yii2-authclient/blob/0d1c3880f4d79e20aa1d77c012650b54e69695ff/src/OAuth1.php#L158"}, {"name": "https://github.com/yiisoft/yii2-authclient/blob/0d1c3880f4d79e20aa1d77c012650b54e69695ff/src/OAuth2.php#L121", "tags": ["x_refsource_MISC"], "url": "https://github.com/yiisoft/yii2-authclient/blob/0d1c3880f4d79e20aa1d77c012650b54e69695ff/src/OAuth2.php#L121"}, {"name": "https://github.com/yiisoft/yii2-authclient/blob/0d1c3880f4d79e20aa1d77c012650b54e69695ff/src/OpenIdConnect.php#L420", "tags": ["x_refsource_MISC"], "url": "https://github.com/yiisoft/yii2-authclient/blob/0d1c3880f4d79e20aa1d77c012650b54e69695ff/src/OpenIdConnect.php#L420"}], "affected": [{"vendor": "yiisoft", "product": "yii2-authclient", "versions": [{"version": "< 2.2.15", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-12-22T18:25:01.925Z"}, "descriptions": [{"lang": "en", "value": "yii2-authclient is an extension that adds OpenID, OAuth, OAuth2 and OpenId Connect consumers for the Yii framework 2.0. In yii2-authclient prior to version 2.2.15, the Oauth1/2 `state` and OpenID Connect `nonce` is vulnerable for a `timing attack` since it is compared via regular string comparison (instead of `Yii::$app->getSecurity()->compareString()`). Version 2.2.15 contains a patch for the issue. No known workarounds are available."}], "source": {"advisory": "GHSA-w8vh-p74j-x9xp", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T22:16:47.124Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/yiisoft/yii2-authclient/security/advisories/GHSA-w8vh-p74j-x9xp", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/yiisoft/yii2-authclient/security/advisories/GHSA-w8vh-p74j-x9xp"}, {"name": "https://github.com/yiisoft/yii2-authclient/commit/dabddf2154ab7e7703740205a069202554089248", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/yiisoft/yii2-authclient/commit/dabddf2154ab7e7703740205a069202554089248"}, {"name": "https://github.com/yiisoft/yii2-authclient/blob/0d1c3880f4d79e20aa1d77c012650b54e69695ff/src/OAuth1.php#L158", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/yiisoft/yii2-authclient/blob/0d1c3880f4d79e20aa1d77c012650b54e69695ff/src/OAuth1.php#L158"}, {"name": "https://github.com/yiisoft/yii2-authclient/blob/0d1c3880f4d79e20aa1d77c012650b54e69695ff/src/OAuth2.php#L121", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/yiisoft/yii2-authclient/blob/0d1c3880f4d79e20aa1d77c012650b54e69695ff/src/OAuth2.php#L121"}, {"name": "https://github.com/yiisoft/yii2-authclient/blob/0d1c3880f4d79e20aa1d77c012650b54e69695ff/src/OpenIdConnect.php#L420", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/yiisoft/yii2-authclient/blob/0d1c3880f4d79e20aa1d77c012650b54e69695ff/src/OpenIdConnect.php#L420"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:yiiframework:yii2-authclient:*:*:*:*:*:*:*:*", "matchCriteriaId": "AA4F5AF6-EA08-40F8-9C22-EA09F0653F11", "versionEndExcluding": "2.2.15", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "yii2-authclient is an extension that adds OpenID, OAuth, OAuth2 and OpenId Connect consumers for the Yii framework 2.0. In yii2-authclient prior to version 2.2.15, the Oauth1/2 `state` and OpenID Connect `nonce` is vulnerable for a `timing attack` since it is compared via regular string comparison (instead of `Yii::$app->getSecurity()->compareString()`). Version 2.2.15 contains a patch for the issue. No known workarounds are available."}, {"lang": "es", "value": "yii2-authclient es una extensi\u00f3n que agrega consumidores OpenID, OAuth, OAuth2 y OpenId Connect para el framework Yii 2.0. En yii2-authclient antes de la versi\u00f3n 2.2.15, el `state` de Oauth1/2 y el `nonce` de OpenID Connect son vulnerables a un `ataque de sincronizaci\u00f3n` ya que se compara mediante una comparaci\u00f3n de cadenas regular (en lugar de `Yii::$app- >getSecurity()->compareString()`). La versi\u00f3n 2.2.15 contiene un parche para el problema. No hay workarounds disponibles."}], "id": "CVE-2023-50708", "lastModified": "2024-01-08T17:42:45.933", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 4.0, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-12-22T19:15:08.840", "references": [{"source": "security-advisories@github.com", "tags": ["Product"], "url": "https://github.com/yiisoft/yii2-authclient/blob/0d1c3880f4d79e20aa1d77c012650b54e69695ff/src/OAuth1.php#L158"}, {"source": "security-advisories@github.com", "tags": ["Product"], "url": "https://github.com/yiisoft/yii2-authclient/blob/0d1c3880f4d79e20aa1d77c012650b54e69695ff/src/OAuth2.php#L121"}, {"source": "security-advisories@github.com", "tags": ["Product"], "url": "https://github.com/yiisoft/yii2-authclient/blob/0d1c3880f4d79e20aa1d77c012650b54e69695ff/src/OpenIdConnect.php#L420"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/yiisoft/yii2-authclient/commit/dabddf2154ab7e7703740205a069202554089248"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://github.com/yiisoft/yii2-authclient/security/advisories/GHSA-w8vh-p74j-x9xp"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-203"}], "source": "security-advisories@github.com", "type": "Secondary"}]}