Common Weakness Enumeration

CWE-1265

Allowed

Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls

Abstraction: Base · Status: Draft

The product invokes code that is believed to be reentrant, but the code performs a call that unintentionally produces a nested invocation of the non-reentrant code.

1 vulnerability references this CWE, most recent first.

GHSA-R2VQ-P658-P274

Vulnerability from github – Published: 2023-02-13 21:31 – Updated: 2023-02-23 22:07
VLAI
Summary
SameSite Attribute vulnerability in pimCore
Details

An improper SameSite Attribute vulnerability in pimCore v10.5.15 allows attackers to execute arbitrary code.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "pimcore/pimcore"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "10.5.16"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-25240"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1265"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-02-14T00:29:53Z",
    "nvd_published_at": "2023-02-13T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "An improper SameSite Attribute vulnerability in pimCore v10.5.15 allows attackers to execute arbitrary code.",
  "id": "GHSA-r2vq-p658-p274",
  "modified": "2023-02-23T22:07:55Z",
  "published": "2023-02-13T21:31:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25240"
    },
    {
      "type": "WEB",
      "url": "https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/pimcore/pimCore-10.5.15"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/pimcore/pimcore"
    },
    {
      "type": "WEB",
      "url": "https://portswigger.net/web-security/csrf/bypassing-samesite-restrictions"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "SameSite Attribute vulnerability in pimCore"
}

Mitigation
Architecture and Design

When architecting a system that will execute untrusted code in response to events, consider executing the untrusted event handlers asynchronously (asynchronous message passing) as opposed to executing them synchronously at the time each event fires. The untrusted code should execute at the start of the next iteration of the thread's message loop. In this way, calls into non-reentrant code are strictly serialized, so that each operation completes fully before the next operation begins. Special attention must be paid to all places where type coercion may result in script execution. Performing all needed coercions at the very beginning of an operation can help reduce the chance of operations executing at unexpected junctures.

Mitigation
Implementation

Make sure the code (e.g., function or class) in question is reentrant by not leveraging non-local data, not modifying its own code, and not calling other non-reentrant code.

CAPEC-74: Manipulating State

The adversary modifies state information maintained by the target software or causes a state transition in hardware. If successful, the target will use this tainted state and execute in an unintended manner.

State management is an important function within a software application. User state maintained by the application can include usernames, payment information, browsing history as well as application-specific contents such as items in a shopping cart. Manipulating user state can be employed by an adversary to elevate privilege, conduct fraudulent transactions or otherwise modify the flow of the application to derive certain benefits.

If there is a hardware logic error in a finite state machine, the adversary can use this to put the system in an undefined state which could cause a denial of service or exposure of secure data.