CVE-2024-34065 - OpenCVE

Strapi is an open-source content management system. By combining two vulnerabilities (an `Open Redirect` and `session token sent as URL query parameter`) in @strapi/plugin-users-permissions before version 4.24.2, is its possible of an unauthenticated attacker to bypass authentication mechanisms and retrieve the 3rd party tokens. The attack requires user interaction (one click). Unauthenticated attackers can leverage two vulnerabilities to obtain an 3rd party token and the bypass authentication of Strapi apps. Users should upgrade @strapi/plugin-users-permissions to version 4.24.2 to receive a patch.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Strapi	Strapi

Configuration 1 [-]

cpe:2.3:a:strapi:strapi:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/strapi/strapi/security/advisories/GHSA-wrvh-rcmr-9qfc

History

Thu, 26 Sep 2024 15:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Strapi Strapi strapi
CPEs		cpe:2.3:a:strapi:strapi::::::::
Vendors & Products		Strapi Strapi strapi

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-06-12T14:54:46.045Z

Updated: 2024-08-02T02:42:59.898Z

Reserved: 2024-04-30T06:56:33.381Z

Link: CVE-2024-34065

Vulnrichment

Updated: 2024-08-02T02:42:59.898Z

NVD

Status : Analyzed

Published: 2024-06-12T15:15:51.460

Modified: 2024-09-26T14:55:53.360

Link: CVE-2024-34065

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-34065", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-04-30T06:56:33.381Z", "datePublished": "2024-06-12T14:54:46.045Z", "dateUpdated": "2024-08-02T02:42:59.898Z"}, "containers": {"cna": {"title": "@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass", "problemTypes": [{"descriptions": [{"cweId": "CWE-294", "lang": "en", "description": "CWE-294: Authentication Bypass by Capture-replay", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-601", "lang": "en", "description": "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/strapi/strapi/security/advisories/GHSA-wrvh-rcmr-9qfc", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/strapi/strapi/security/advisories/GHSA-wrvh-rcmr-9qfc"}], "affected": [{"vendor": "strapi", "product": "strapi", "versions": [{"version": "< 4.24.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-06-12T14:54:46.045Z"}, "descriptions": [{"lang": "en", "value": "Strapi is an open-source content management system. By combining two vulnerabilities (an `Open Redirect` and `session token sent as URL query parameter`) in @strapi/plugin-users-permissions before version 4.24.2, is its possible of an unauthenticated attacker to bypass authentication mechanisms and retrieve the 3rd party tokens. The attack requires user interaction (one click). Unauthenticated attackers can leverage two vulnerabilities to obtain an 3rd party token and the bypass authentication of Strapi apps. Users should upgrade @strapi/plugin-users-permissions to version 4.24.2 to receive a patch."}], "source": {"advisory": "GHSA-wrvh-rcmr-9qfc", "discovery": "UNKNOWN"}}, "adp": [{"affected": [{"vendor": "strapi", "product": "strapi", "cpes": ["cpe:2.3:a:strapi:strapi:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "4.24.1", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-12T16:08:21.487136Z", "id": "CVE-2024-34065", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-12T16:10:44.870Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:42:59.898Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/strapi/strapi/security/advisories/GHSA-wrvh-rcmr-9qfc", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/strapi/strapi/security/advisories/GHSA-wrvh-rcmr-9qfc"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/strapi/strapi/security/advisories/GHSA-wrvh-rcmr-9qfc", "name": "https://github.com/strapi/strapi/security/advisories/GHSA-wrvh-rcmr-9qfc", "tags": ["x_refsource_CONFIRM", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:42:59.898Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-34065", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-12T16:08:21.487136Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:strapi:strapi:*:*:*:*:*:*:*:*"], "vendor": "strapi", "product": "strapi", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "4.24.1"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-12T16:10:40.630Z"}}], "cna": {"title": "@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass", "source": {"advisory": "GHSA-wrvh-rcmr-9qfc", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "strapi", "product": "strapi", "versions": [{"status": "affected", "version": "< 4.24.2"}]}], "references": [{"url": "https://github.com/strapi/strapi/security/advisories/GHSA-wrvh-rcmr-9qfc", "name": "https://github.com/strapi/strapi/security/advisories/GHSA-wrvh-rcmr-9qfc", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Strapi is an open-source content management system. By combining two vulnerabilities (an `Open Redirect` and `session token sent as URL query parameter`) in @strapi/plugin-users-permissions before version 4.24.2, is its possible of an unauthenticated attacker to bypass authentication mechanisms and retrieve the 3rd party tokens. The attack requires user interaction (one click). Unauthenticated attackers can leverage two vulnerabilities to obtain an 3rd party token and the bypass authentication of Strapi apps. Users should upgrade @strapi/plugin-users-permissions to version 4.24.2 to receive a patch."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-294", "description": "CWE-294: Authentication Bypass by Capture-replay"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-601", "description": "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-06-12T14:54:46.045Z"}}}, "cveMetadata": {"cveId": "CVE-2024-34065", "state": "PUBLISHED", "dateUpdated": "2024-08-02T02:42:59.898Z", "dateReserved": "2024-04-30T06:56:33.381Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-06-12T14:54:46.045Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:strapi:strapi:*:*:*:*:*:*:*:*", "matchCriteriaId": "D0B5DAE3-AC23-48C9-B266-7315B643700A", "versionEndExcluding": "4.24.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Strapi is an open-source content management system. By combining two vulnerabilities (an `Open Redirect` and `session token sent as URL query parameter`) in @strapi/plugin-users-permissions before version 4.24.2, is its possible of an unauthenticated attacker to bypass authentication mechanisms and retrieve the 3rd party tokens. The attack requires user interaction (one click). Unauthenticated attackers can leverage two vulnerabilities to obtain an 3rd party token and the bypass authentication of Strapi apps. Users should upgrade @strapi/plugin-users-permissions to version 4.24.2 to receive a patch."}, {"lang": "es", "value": "Strapi es un sistema de gesti\u00f3n de contenidos de c\u00f3digo abierto. Al combinar dos vulnerabilidades (un `Open Redirect` y un `token de sesi\u00f3n enviado como par\u00e1metro de consulta de URL`) en @strapi/plugin-users-permissions antes de la versi\u00f3n 4.24.2, es posible que un atacante no autenticado evite los mecanismos de autenticaci\u00f3n y recupere the 3rd party tokens. El ataque requiere la interacci\u00f3n del usuario (un clic). Los atacantes no autenticados pueden aprovechar dos vulnerabilidades para obtener un token de terceros y evitar la autenticaci\u00f3n de las aplicaciones Strapi. Los usuarios deben actualizar @strapi/plugin-users-permissions a la versi\u00f3n 4.24.2 para recibir un parche."}], "id": "CVE-2024-34065", "lastModified": "2024-09-26T14:55:53.360", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.2, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-06-12T15:15:51.460", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/strapi/strapi/security/advisories/GHSA-wrvh-rcmr-9qfc"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-294"}, {"lang": "en", "value": "CWE-601"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-294"}, {"lang": "en", "value": "CWE-601"}], "source": "security-advisories@github.com", "type": "Secondary"}]}