CVE-2021-43807
Vulnerability from cvelistv5
Published
2021-12-14 18:10
Modified
2024-08-04 04:03
Severity ?
EPSS score ?
Summary
HTTP Method Spoofing in Opencast
References
▼ | URL | Tags | |
---|---|---|---|
security-advisories@github.com | https://github.com/opencast/opencast/commit/59cb6731067283e54f15462be38b6117d8b9ea8b#diff-9c5fb3d1b7e3b0f54bc5c4182965c4fe1f9023d449017cece3005d3f90e8e4d8 | Patch, Third Party Advisory | |
security-advisories@github.com | https://github.com/opencast/opencast/commit/8f8271e1085f6f8e306c689d6a56b0bb8d076444 | Patch, Third Party Advisory | |
security-advisories@github.com | https://github.com/opencast/opencast/security/advisories/GHSA-j4mm-7pj3-jf7v | Exploit, Patch, Third Party Advisory |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T04:03:08.669Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/opencast/opencast/security/advisories/GHSA-j4mm-7pj3-jf7v" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/opencast/opencast/commit/59cb6731067283e54f15462be38b6117d8b9ea8b#diff-9c5fb3d1b7e3b0f54bc5c4182965c4fe1f9023d449017cece3005d3f90e8e4d8" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/opencast/opencast/commit/8f8271e1085f6f8e306c689d6a56b0bb8d076444" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "opencast", "vendor": "opencast", "versions": [ { "status": "affected", "version": "\u003c 9.10" } ] } ], "descriptions": [ { "lang": "en", "value": "Opencast is an Open Source Lecture Capture \u0026 Video Management for Education. Opencast versions prior to 9.10 allow HTTP method spoofing, allowing to change the assumed HTTP method via URL parameter. This allows attackers to turn HTTP GET requests into PUT requests or an HTTP form to send DELETE requests. This bypasses restrictions otherwise put on these types of requests and aids in cross-site request forgery (CSRF) attacks, which would otherwise not be possible. The vulnerability allows attackers to craft links or forms which may change the server state. This issue is fixed in Opencast 9.10 and 10.0. You can mitigate the problem by setting the `SameSite=Strict` attribute for your cookies. If this is a viable option for you depends on your integrations. We strongly recommend updating in any case." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-290", "description": "CWE-290: Authentication Bypass by Spoofing", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-12-14T18:10:11", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/opencast/opencast/security/advisories/GHSA-j4mm-7pj3-jf7v" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/opencast/opencast/commit/59cb6731067283e54f15462be38b6117d8b9ea8b#diff-9c5fb3d1b7e3b0f54bc5c4182965c4fe1f9023d449017cece3005d3f90e8e4d8" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/opencast/opencast/commit/8f8271e1085f6f8e306c689d6a56b0bb8d076444" } ], "source": { "advisory": "GHSA-j4mm-7pj3-jf7v", "discovery": "UNKNOWN" }, "title": "HTTP Method Spoofing in Opencast", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-43807", "STATE": "PUBLIC", "TITLE": "HTTP Method Spoofing in Opencast" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "opencast", "version": { "version_data": [ { "version_value": "\u003c 9.10" } ] } } ] }, "vendor_name": "opencast" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Opencast is an Open Source Lecture Capture \u0026 Video Management for Education. Opencast versions prior to 9.10 allow HTTP method spoofing, allowing to change the assumed HTTP method via URL parameter. This allows attackers to turn HTTP GET requests into PUT requests or an HTTP form to send DELETE requests. This bypasses restrictions otherwise put on these types of requests and aids in cross-site request forgery (CSRF) attacks, which would otherwise not be possible. The vulnerability allows attackers to craft links or forms which may change the server state. This issue is fixed in Opencast 9.10 and 10.0. You can mitigate the problem by setting the `SameSite=Strict` attribute for your cookies. If this is a viable option for you depends on your integrations. We strongly recommend updating in any case." } ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-290: Authentication Bypass by Spoofing" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/opencast/opencast/security/advisories/GHSA-j4mm-7pj3-jf7v", "refsource": "CONFIRM", "url": "https://github.com/opencast/opencast/security/advisories/GHSA-j4mm-7pj3-jf7v" }, { "name": "https://github.com/opencast/opencast/commit/59cb6731067283e54f15462be38b6117d8b9ea8b#diff-9c5fb3d1b7e3b0f54bc5c4182965c4fe1f9023d449017cece3005d3f90e8e4d8", "refsource": "MISC", "url": "https://github.com/opencast/opencast/commit/59cb6731067283e54f15462be38b6117d8b9ea8b#diff-9c5fb3d1b7e3b0f54bc5c4182965c4fe1f9023d449017cece3005d3f90e8e4d8" }, { "name": "https://github.com/opencast/opencast/commit/8f8271e1085f6f8e306c689d6a56b0bb8d076444", "refsource": "MISC", "url": "https://github.com/opencast/opencast/commit/8f8271e1085f6f8e306c689d6a56b0bb8d076444" } ] }, "source": { "advisory": "GHSA-j4mm-7pj3-jf7v", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-43807", "datePublished": "2021-12-14T18:10:11", "dateReserved": "2021-11-16T00:00:00", "dateUpdated": "2024-08-04T04:03:08.669Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2021-43807\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2021-12-14T18:15:08.573\",\"lastModified\":\"2021-12-20T13:31:02.703\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Opencast is an Open Source Lecture Capture \u0026 Video Management for Education. Opencast versions prior to 9.10 allow HTTP method spoofing, allowing to change the assumed HTTP method via URL parameter. This allows attackers to turn HTTP GET requests into PUT requests or an HTTP form to send DELETE requests. This bypasses restrictions otherwise put on these types of requests and aids in cross-site request forgery (CSRF) attacks, which would otherwise not be possible. The vulnerability allows attackers to craft links or forms which may change the server state. This issue is fixed in Opencast 9.10 and 10.0. You can mitigate the problem by setting the `SameSite=Strict` attribute for your cookies. If this is a viable option for you depends on your integrations. We strongly recommend updating in any case.\"},{\"lang\":\"es\",\"value\":\"Opencast es un software de c\u00f3digo abierto para la captura de conferencias y administraci\u00f3n de v\u00eddeo para la educaci\u00f3n. Opencast versiones anteriores a la 9.10 permiten una suplantaci\u00f3n del m\u00e9todo HTTP, permitiendo cambiar el m\u00e9todo HTTP asumido por medio del par\u00e1metro de la URL. Esto permite a atacantes convertir las peticiones HTTP GET en peticiones PUT o un formulario HTTP para enviar peticiones DELETE. Esto evita las restricciones impuestas a este tipo de peticiones y ayuda a realizar ataques de tipo cross-site request forgery (CSRF), que de otro modo no ser\u00edan posibles. La vulnerabilidad permite a atacantes crear enlaces o formularios que pueden cambiar el estado del servidor. Este problema se ha corregido en Opencast versiones 9.10 y 10.0. Puede mitigar el problema al establecer el atributo \\\"SameSite=Strict\\\" para sus cookies. Si esta es una opci\u00f3n viable para usted depende de sus integraciones. Recomendamos encarecidamente la actualizaci\u00f3n en cualquier caso\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6},{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":1.6,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\",\"baseScore\":4.3},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-290\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apereo:opencast:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.10\",\"matchCriteriaId\":\"10A0CE92-D18C-4969-8BD2-844A7DC167A7\"}]}]}],\"references\":[{\"url\":\"https://github.com/opencast/opencast/commit/59cb6731067283e54f15462be38b6117d8b9ea8b#diff-9c5fb3d1b7e3b0f54bc5c4182965c4fe1f9023d449017cece3005d3f90e8e4d8\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/opencast/opencast/commit/8f8271e1085f6f8e306c689d6a56b0bb8d076444\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/opencast/opencast/security/advisories/GHSA-j4mm-7pj3-jf7v\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\"]}]}}" } }
Loading...
Loading...
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.