cnvd - cnvd-2022-08027

CNVD-2022-08027

Vulnerability from cnvd - Published: 2022-01-30

Title

Umbraco密码重置漏洞

Description

Umbraco是丹麦Umbraco公司的一套C＃编写的开源的内容管理系统（CMS）。 Umbraco CMS存在密码重置漏洞，该漏洞源于网络系统或产品中缺乏有效的信任管理机制。攻击者可利用该漏洞更改用户在重置密码时收到的URL拦截重置令牌从而接管帐户。

Severity

中

Patch Name

Umbraco密码重置漏洞的补丁

Patch Description

Umbraco是丹麦Umbraco公司的一套C＃编写的开源的内容管理系统（CMS）。 Umbraco CMS存在密码重置漏洞，该漏洞源于网络系统或产品中缺乏有效的信任管理机制。攻击者可利用该漏洞更改用户在重置密码时收到的URL拦截重置令牌从而接管帐户。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://umbraco.com/

Reference

https://appcheck-ng.com/umbraco-applicationurl-overwrite-persistent-password-reset-poison-cve-2022-22690-cve-2022-22691/

Impacted products

Name
Umbraco Umbraco <9.2.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-22691",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2022-22691"
    }
  },
  "description": "Umbraco\u662f\u4e39\u9ea6Umbraco\u516c\u53f8\u7684\u4e00\u5957C\uff03\u7f16\u5199\u7684\u5f00\u6e90\u7684\u5185\u5bb9\u7ba1\u7406\u7cfb\u7edf\uff08CMS\uff09\u3002\n\nUmbraco CMS\u5b58\u5728\u5bc6\u7801\u91cd\u7f6e\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u4e2d\u7f3a\u4e4f\u6709\u6548\u7684\u4fe1\u4efb\u7ba1\u7406\u673a\u5236\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u66f4\u6539\u7528\u6237\u5728\u91cd\u7f6e\u5bc6\u7801\u65f6\u6536\u5230\u7684URL\u62e6\u622a\u91cd\u7f6e\u4ee4\u724c\u4ece\u800c\u63a5\u7ba1\u5e10\u6237\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://umbraco.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-08027",
  "openTime": "2022-01-30",
  "patchDescription": "Umbraco\u662f\u4e39\u9ea6Umbraco\u516c\u53f8\u7684\u4e00\u5957C\uff03\u7f16\u5199\u7684\u5f00\u6e90\u7684\u5185\u5bb9\u7ba1\u7406\u7cfb\u7edf\uff08CMS\uff09\u3002\r\n\r\nUmbraco CMS\u5b58\u5728\u5bc6\u7801\u91cd\u7f6e\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u4e2d\u7f3a\u4e4f\u6709\u6548\u7684\u4fe1\u4efb\u7ba1\u7406\u673a\u5236\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u66f4\u6539\u7528\u6237\u5728\u91cd\u7f6e\u5bc6\u7801\u65f6\u6536\u5230\u7684URL\u62e6\u622a\u91cd\u7f6e\u4ee4\u724c\u4ece\u800c\u63a5\u7ba1\u5e10\u6237\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Umbraco\u5bc6\u7801\u91cd\u7f6e\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Umbraco Umbraco \u003c9.2.0"
  },
  "referenceLink": "https://appcheck-ng.com/umbraco-applicationurl-overwrite-persistent-password-reset-poison-cve-2022-22690-cve-2022-22691/",
  "serverity": "\u4e2d",
  "submitTime": "2022-01-21",
  "title": "Umbraco\u5bc6\u7801\u91cd\u7f6e\u6f0f\u6d1e"
}

CVE-2022-22691 (GCVE-0-2022-22691)

Vulnerability from cvelistv5 – Published: 2022-01-18 16:52 – Updated: 2024-09-16 23:46

Summary

The password reset component deployed within Umbraco uses the hostname supplied within the request host header when building a password reset URL. It may be possible to manipulate the URL sent to Umbraco users when so that it points to the attackers server thereby disclosing the password reset token if/when the link is followed. A related vulnerability (CVE-2022-22690) could allow this flaw to become persistent so that all password reset URLs are affected persistently following a successful attack. See the AppCheck advisory for further information and associated caveats.

Severity ?

6.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

CWE

CWE-640 - Weak Password Recovery Mechanism for Forgotten Password

Assigner

AppCheck

References

URL

Tags

https://appcheck-ng.com/umbraco-applicationurl-ov…

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Umbraco	Umbraco CMS	Affected: unspecified , < 9.2.0 (custom)

Credits

AppCheck Ltd

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:21:48.808Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://appcheck-ng.com/umbraco-applicationurl-overwrite-persistent-password-reset-poison-cve-2022-22690-cve-2022-22691/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Umbraco CMS",
          "vendor": "Umbraco",
          "versions": [
            {
              "lessThan": "9.2.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "AppCheck Ltd"
        }
      ],
      "datePublic": "2022-01-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The password reset component deployed within Umbraco uses the hostname supplied within the request host header when building a password reset URL. It may be possible to manipulate the URL sent to Umbraco users when so that it points to the attackers server thereby disclosing the password reset token if/when the link is followed. A related vulnerability (CVE-2022-22690) could allow this flaw to become persistent so that all password reset URLs are affected persistently following a successful attack. See the AppCheck advisory for further information and associated caveats."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-640",
              "description": "CWE-640 Weak Password Recovery Mechanism for Forgotten Password",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-01-18T16:52:20",
        "orgId": "2c188fdb-58e1-4908-8fce-3e437b94f1ae",
        "shortName": "AppCheck"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://appcheck-ng.com/umbraco-applicationurl-overwrite-persistent-password-reset-poison-cve-2022-22690-cve-2022-22691/"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Umbraco Password Reset URL Poison",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "info@appcheck-ng.com",
          "DATE_PUBLIC": "2022-01-18T14:26:00.000Z",
          "ID": "CVE-2022-22691",
          "STATE": "PUBLIC",
          "TITLE": "Umbraco Password Reset URL Poison"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Umbraco CMS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "9.2.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Umbraco"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "AppCheck Ltd"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The password reset component deployed within Umbraco uses the hostname supplied within the request host header when building a password reset URL. It may be possible to manipulate the URL sent to Umbraco users when so that it points to the attackers server thereby disclosing the password reset token if/when the link is followed. A related vulnerability (CVE-2022-22690) could allow this flaw to become persistent so that all password reset URLs are affected persistently following a successful attack. See the AppCheck advisory for further information and associated caveats."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-640 Weak Password Recovery Mechanism for Forgotten Password"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://appcheck-ng.com/umbraco-applicationurl-overwrite-persistent-password-reset-poison-cve-2022-22690-cve-2022-22691/",
              "refsource": "MISC",
              "url": "https://appcheck-ng.com/umbraco-applicationurl-overwrite-persistent-password-reset-poison-cve-2022-22690-cve-2022-22691/"
            }
          ]
        },
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2c188fdb-58e1-4908-8fce-3e437b94f1ae",
    "assignerShortName": "AppCheck",
    "cveId": "CVE-2022-22691",
    "datePublished": "2022-01-18T16:52:20.429251Z",
    "dateReserved": "2022-01-05T00:00:00",
    "dateUpdated": "2024-09-16T23:46:59.483Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2022-08027

CVE-2022-22691 (GCVE-0-2022-22691)

Tags

Sightings

Nomenclature