CVE-2023-5590 - Vulnerability Details - OpenCVE

NULL Pointer Dereference in GitHub repository seleniumhq/selenium prior to 4.14.0.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Selenium	Selenium

Configuration 1 [-]

cpe:2.3:a:selenium:selenium:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/seleniumhq/selenium/commit/023a0d52f106321838ab1c0997e76693f4dcbdf6
https://huntr.dev/bounties/e268cd68-4f34-49bd-878b-82b96dcc0c99
https://nvd.nist.gov/vuln/detail/CVE-2023-5590
https://www.cve.org/CVERecord?id=CVE-2023-5590

History

No history.

MITRE

Status: PUBLISHED

Assigner: @huntrdev

Published: 2023-10-15T22:14:03.767Z

Updated: 2024-09-16T20:00:02.076Z

Reserved: 2023-10-15T22:13:53.229Z

Link: CVE-2023-5590

Vulnrichment

Updated: 2024-08-02T08:07:31.897Z

NVD

Status : Modified

Published: 2023-10-15T23:15:44.857

Modified: 2024-11-21T08:42:05.050

Link: CVE-2023-5590

Redhat

Severity : Moderate

Publid Date: 2023-10-16T00:00:00Z

Links: CVE-2023-5590 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-5590", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntrdev", "dateReserved": "2023-10-15T22:13:53.229Z", "datePublished": "2023-10-15T22:14:03.767Z", "dateUpdated": "2024-09-16T20:00:02.076Z"}, "containers": {"cna": {"title": "NULL Pointer Dereference in seleniumhq/selenium", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev", "dateUpdated": "2023-10-15T22:14:03.767Z"}, "descriptions": [{"lang": "en", "value": "NULL Pointer Dereference in GitHub repository seleniumhq/selenium prior to 4.14.0."}], "affected": [{"vendor": "seleniumhq", "product": "seleniumhq/selenium", "versions": [{"version": "unspecified", "lessThan": "4.14.0", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://huntr.dev/bounties/e268cd68-4f34-49bd-878b-82b96dcc0c99"}, {"url": "https://github.com/seleniumhq/selenium/commit/023a0d52f106321838ab1c0997e76693f4dcbdf6"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-476 NULL Pointer Dereference", "cweId": "CWE-476"}]}], "source": {"advisory": "e268cd68-4f34-49bd-878b-82b96dcc0c99", "discovery": "EXTERNAL"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:07:31.897Z"}, "title": "CVE Program Container", "references": [{"url": "https://huntr.dev/bounties/e268cd68-4f34-49bd-878b-82b96dcc0c99", "tags": ["x_transferred"]}, {"url": "https://github.com/seleniumhq/selenium/commit/023a0d52f106321838ab1c0997e76693f4dcbdf6", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-16T19:59:51.174252Z", "id": "CVE-2023-5590", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-16T20:00:02.076Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://huntr.dev/bounties/e268cd68-4f34-49bd-878b-82b96dcc0c99", "tags": ["x_transferred"]}, {"url": "https://github.com/seleniumhq/selenium/commit/023a0d52f106321838ab1c0997e76693f4dcbdf6", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:07:31.897Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-5590", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-16T19:59:51.174252Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-16T19:59:57.420Z"}}], "cna": {"title": "NULL Pointer Dereference in seleniumhq/selenium", "source": {"advisory": "e268cd68-4f34-49bd-878b-82b96dcc0c99", "discovery": "EXTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "seleniumhq", "product": "seleniumhq/selenium", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "4.14.0", "versionType": "custom"}]}], "references": [{"url": "https://huntr.dev/bounties/e268cd68-4f34-49bd-878b-82b96dcc0c99"}, {"url": "https://github.com/seleniumhq/selenium/commit/023a0d52f106321838ab1c0997e76693f4dcbdf6"}], "descriptions": [{"lang": "en", "value": "NULL Pointer Dereference in GitHub repository seleniumhq/selenium prior to 4.14.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference"}]}], "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev", "dateUpdated": "2023-10-15T22:14:03.767Z"}}}, "cveMetadata": {"cveId": "CVE-2023-5590", "state": "PUBLISHED", "dateUpdated": "2024-09-16T20:00:02.076Z", "dateReserved": "2023-10-15T22:13:53.229Z", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "datePublished": "2023-10-15T22:14:03.767Z", "assignerShortName": "@huntrdev"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:selenium:selenium:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7F99E6A-73B9-4154-BCC9-93421E29945A", "versionEndExcluding": "4.14.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "NULL Pointer Dereference in GitHub repository seleniumhq/selenium prior to 4.14.0."}, {"lang": "es", "value": "Eliminaci\u00f3n de referencia del puntero NULL en el repositorio de GitHub seleniumhq/selenium anterior a 4.14.0."}], "id": "CVE-2023-5590", "lastModified": "2024-11-21T08:42:05.050", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security@huntr.dev", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-10-15T23:15:44.857", "references": [{"source": "security@huntr.dev", "tags": ["Patch"], "url": "https://github.com/seleniumhq/selenium/commit/023a0d52f106321838ab1c0997e76693f4dcbdf6"}, {"source": "security@huntr.dev", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://huntr.dev/bounties/e268cd68-4f34-49bd-878b-82b96dcc0c99"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/seleniumhq/selenium/commit/023a0d52f106321838ab1c0997e76693f4dcbdf6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://huntr.dev/bounties/e268cd68-4f34-49bd-878b-82b96dcc0c99"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "security@huntr.dev", "type": "Secondary"}]}

{"bugzilla": {"description": "selenium: potential null pointer access in CookieManager", "id": "2244345", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2244345"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-476", "details": ["NULL Pointer Dereference in GitHub repository seleniumhq/selenium prior to 4.14.0.", "A null pointer dereference flaw was found in Selenium IEDriver. This issue causes the driver to crash when selenium gets the cookies from an attacker controlled page, which could leave the application unavailable."], "mitigation": {"lang": "en:us", "value": "No mitigation is currently known for the IE Driver. If possible, opt for another browser driver."}, "name": "CVE-2023-5590", "package_state": [{"cpe": "cpe:/a:redhat:amq_broker:7", "fix_state": "Not affected", "package_name": "selenium", "product_name": "Red Hat AMQ Broker 7"}, {"cpe": "cpe:/a:redhat:service_registry:2", "fix_state": "Not affected", "package_name": "selenium", "product_name": "Red Hat build of Apicurio Registry 2"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:7", "fix_state": "Not affected", "package_name": "selenium", "product_name": "Red Hat Decision Manager 7"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Not affected", "package_name": "selenium", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:integration:1", "fix_state": "Not affected", "package_name": "selenium", "product_name": "Red Hat Integration Camel K 1"}, {"cpe": "cpe:/a:redhat:camel_quarkus:2", "fix_state": "Not affected", "package_name": "selenium", "product_name": "Red Hat Integration Camel Quarkus 2"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:7", "fix_state": "Out of support scope", "package_name": "selenium", "product_name": "Red Hat JBoss Data Grid 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Out of support scope", "package_name": "selenium", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7", "fix_state": "Not affected", "package_name": "selenium", "product_name": "Red Hat JBoss Enterprise Application Platform 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "fix_state": "Not affected", "package_name": "selenium", "product_name": "Red Hat JBoss Enterprise Application Platform 8"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Not affected", "package_name": "selenium", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "fix_state": "Not affected", "package_name": "selenium", "product_name": "Red Hat Process Automation 7"}, {"cpe": "cpe:/a:redhat:red_hat_single_sign_on:7", "fix_state": "Fix deferred", "impact": "low", "package_name": "selenium", "product_name": "Red Hat Single Sign-On 7"}], "public_date": "2023-10-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-5590\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-5590\nhttps://github.com/seleniumhq/selenium/commit/023a0d52f106321838ab1c0997e76693f4dcbdf6"], "statement": "Successful exploitation of this issue depends on the IE Driver being used and also available to the external malicious user to redirect to a malicious page in order to consume a malicious cookie that may crash the environment. Therefore, this flaw is rated as having a Moderate impact. \nRed Hat Single Sign-On uses part of the integration tests only, therefore, it is rated as a Low impact.", "threat_severity": "Moderate"}