CVE-2020-15679 (GCVE-0-2020-15679)

Vulnerability from cvelistv5 – Published: 2022-12-22 00:00 – Updated: 2025-04-16 15:52
VLAI?
Summary
An OAuth session fixation vulnerability existed in the VPN login flow, where an attacker could craft a custom login URL, convince a VPN user to login via that URL, and obtain authenticated access as that user. This issue is limited to cases where attacker and victim are sharing the same source IP and could allow the ability to view session states and disconnect VPN sessions. This vulnerability affects Mozilla VPN iOS 1.0.7 < (929), Mozilla VPN Windows < 1.2.2, and Mozilla VPN Android 1.1.0 < (1360).
Severity ?
7.6 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
CWE
  • OAuth Session Fixation on VPN login
Assigner
References
Impacted products
Vendor Product Version
Mozilla Mozilla VPN iOS 1.0.7 Affected: unspecified , < (929) (custom)
Create a notification for this product.
    Mozilla Mozilla VPN Windows Affected: unspecified , < 1.2.2 (custom)
Create a notification for this product.
    Mozilla Mozilla VPN Android 1.1.0 Affected: unspecified , < (1360) (custom)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T13:22:30.719Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.mozilla.org/security/advisories/mfsa2020-48/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/mozilla-services/guardian-vpn-windows/commit/ac6f562973a83f6758cd7ab7aa313e863047d41b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/mozilla-mobile/guardian-vpn-android/commit/981c840276ef3aee98cf5d42993d484ee99b28d9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/mozilla-mobile/guardian-vpn-ios/commit/4309f5c9bd2c15cdfd39ac173665fad3f2598b54"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.6,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2020-15679",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-16T15:42:49.748935Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-384",
                "description": "CWE-384 Session Fixation",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-16T15:52:55.162Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Mozilla VPN iOS 1.0.7",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "(929)",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Mozilla VPN Windows",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "1.2.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Mozilla VPN Android 1.1.0",
          "vendor": "Mozilla",
          "versions": [
            {
              "lessThan": "(1360)",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An OAuth session fixation vulnerability existed in the VPN login flow, where an attacker could craft a custom login URL, convince a VPN user to login via that URL, and obtain authenticated access as that user. This issue is limited to cases where attacker and victim are sharing the same source IP and could allow the ability to view session states and disconnect VPN sessions. This vulnerability affects Mozilla VPN iOS 1.0.7 \u003c (929), Mozilla VPN Windows \u003c 1.2.2, and Mozilla VPN Android 1.1.0 \u003c (1360)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "OAuth Session Fixation on VPN login",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-22T00:00:00.000Z",
        "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
        "shortName": "mozilla"
      },
      "references": [
        {
          "url": "https://www.mozilla.org/security/advisories/mfsa2020-48/"
        },
        {
          "url": "https://github.com/mozilla-services/guardian-vpn-windows/commit/ac6f562973a83f6758cd7ab7aa313e863047d41b"
        },
        {
          "url": "https://github.com/mozilla-mobile/guardian-vpn-android/commit/981c840276ef3aee98cf5d42993d484ee99b28d9"
        },
        {
          "url": "https://github.com/mozilla-mobile/guardian-vpn-ios/commit/4309f5c9bd2c15cdfd39ac173665fad3f2598b54"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
    "assignerShortName": "mozilla",
    "cveId": "CVE-2020-15679",
    "datePublished": "2022-12-22T00:00:00.000Z",
    "dateReserved": "2020-07-10T00:00:00.000Z",
    "dateUpdated": "2025-04-16T15:52:55.162Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:vpn:*:*:*:*:*:iphone_os:*:*\", \"versionEndExcluding\": \"1.0.7_\\\\(929\\\\)\", \"matchCriteriaId\": \"BCE5840F-B8E4-4B91-AF81-123C0E5DC0D7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:vpn:*:*:*:*:*:windows:*:*\", \"versionEndExcluding\": \"1.2.2\", \"matchCriteriaId\": \"4923D7EA-8A4F-485F-ADB0-C56BBDC420EA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:vpn:*:*:*:*:*:ipados:*:*\", \"versionStartIncluding\": \"1.0.7\", \"versionEndExcluding\": \"1.0.7_\\\\(929\\\\)\", \"matchCriteriaId\": \"CE3CB7D7-49C2-4516-8110-6E5B4FCB450B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:vpn:*:*:*:*:*:android:*:*\", \"versionStartIncluding\": \"1.1.0\", \"versionEndExcluding\": \"1.1.0_\\\\(1360\\\\)\", \"matchCriteriaId\": \"3A2E0580-85D3-4DA0-A6D6-F56B9E60A432\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An OAuth session fixation vulnerability existed in the VPN login flow, where an attacker could craft a custom login URL, convince a VPN user to login via that URL, and obtain authenticated access as that user. This issue is limited to cases where attacker and victim are sharing the same source IP and could allow the ability to view session states and disconnect VPN sessions. This vulnerability affects Mozilla VPN iOS 1.0.7 \u003c (929), Mozilla VPN Windows \u003c 1.2.2, and Mozilla VPN Android 1.1.0 \u003c (1360).\"}, {\"lang\": \"es\", \"value\": \"Exist\\u00eda una vulnerabilidad de reparaci\\u00f3n de sesi\\u00f3n de OAuth en el flujo de inicio de sesi\\u00f3n de VPN, donde un atacante pod\\u00eda crear una URL de inicio de sesi\\u00f3n personalizada, convencer a un usuario de VPN para que iniciara sesi\\u00f3n a trav\\u00e9s de esa URL y obtener acceso autenticado como ese usuario. Este problema se limita a los casos en los que el atacante y la v\\u00edctima comparten la misma IP de origen y podr\\u00eda permitir la posibilidad de ver los estados de las sesiones y desconectar las sesiones de VPN. Esta vulnerabilidad afecta a Mozilla VPN iOS 1.0.7 \u0026lt; (929), Mozilla VPN Windows \u0026lt; 1.2.2 y Mozilla VPN Android 1.1.0 \u0026lt; (1360).\"}]",
      "id": "CVE-2020-15679",
      "lastModified": "2024-11-21T05:06:00.077",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H\", \"baseScore\": 7.6, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 4.7}]}",
      "published": "2022-12-22T20:15:10.730",
      "references": "[{\"url\": \"https://github.com/mozilla-mobile/guardian-vpn-android/commit/981c840276ef3aee98cf5d42993d484ee99b28d9\", \"source\": \"security@mozilla.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/mozilla-mobile/guardian-vpn-ios/commit/4309f5c9bd2c15cdfd39ac173665fad3f2598b54\", \"source\": \"security@mozilla.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/mozilla-services/guardian-vpn-windows/commit/ac6f562973a83f6758cd7ab7aa313e863047d41b\", \"source\": \"security@mozilla.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2020-48/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://github.com/mozilla-mobile/guardian-vpn-android/commit/981c840276ef3aee98cf5d42993d484ee99b28d9\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/mozilla-mobile/guardian-vpn-ios/commit/4309f5c9bd2c15cdfd39ac173665fad3f2598b54\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/mozilla-services/guardian-vpn-windows/commit/ac6f562973a83f6758cd7ab7aa313e863047d41b\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2020-48/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "security@mozilla.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-384\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-15679\",\"sourceIdentifier\":\"security@mozilla.org\",\"published\":\"2022-12-22T20:15:10.730\",\"lastModified\":\"2025-04-16T16:15:17.350\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An OAuth session fixation vulnerability existed in the VPN login flow, where an attacker could craft a custom login URL, convince a VPN user to login via that URL, and obtain authenticated access as that user. This issue is limited to cases where attacker and victim are sharing the same source IP and could allow the ability to view session states and disconnect VPN sessions. This vulnerability affects Mozilla VPN iOS 1.0.7 \u003c (929), Mozilla VPN Windows \u003c 1.2.2, and Mozilla VPN Android 1.1.0 \u003c (1360).\"},{\"lang\":\"es\",\"value\":\"Exist\u00eda una vulnerabilidad de reparaci\u00f3n de sesi\u00f3n de OAuth en el flujo de inicio de sesi\u00f3n de VPN, donde un atacante pod\u00eda crear una URL de inicio de sesi\u00f3n personalizada, convencer a un usuario de VPN para que iniciara sesi\u00f3n a trav\u00e9s de esa URL y obtener acceso autenticado como ese usuario. Este problema se limita a los casos en los que el atacante y la v\u00edctima comparten la misma IP de origen y podr\u00eda permitir la posibilidad de ver los estados de las sesiones y desconectar las sesiones de VPN. Esta vulnerabilidad afecta a Mozilla VPN iOS 1.0.7 \u0026lt; (929), Mozilla VPN Windows \u0026lt; 1.2.2 y Mozilla VPN Android 1.1.0 \u0026lt; (1360).\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H\",\"baseScore\":7.6,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":4.7},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H\",\"baseScore\":7.6,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":4.7}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-384\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-384\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:vpn:*:*:*:*:*:iphone_os:*:*\",\"versionEndExcluding\":\"1.0.7_\\\\(929\\\\)\",\"matchCriteriaId\":\"BCE5840F-B8E4-4B91-AF81-123C0E5DC0D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:vpn:*:*:*:*:*:windows:*:*\",\"versionEndExcluding\":\"1.2.2\",\"matchCriteriaId\":\"4923D7EA-8A4F-485F-ADB0-C56BBDC420EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:vpn:*:*:*:*:*:ipados:*:*\",\"versionStartIncluding\":\"1.0.7\",\"versionEndExcluding\":\"1.0.7_\\\\(929\\\\)\",\"matchCriteriaId\":\"CE3CB7D7-49C2-4516-8110-6E5B4FCB450B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:vpn:*:*:*:*:*:android:*:*\",\"versionStartIncluding\":\"1.1.0\",\"versionEndExcluding\":\"1.1.0_\\\\(1360\\\\)\",\"matchCriteriaId\":\"3A2E0580-85D3-4DA0-A6D6-F56B9E60A432\"}]}]}],\"references\":[{\"url\":\"https://github.com/mozilla-mobile/guardian-vpn-android/commit/981c840276ef3aee98cf5d42993d484ee99b28d9\",\"source\":\"security@mozilla.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/mozilla-mobile/guardian-vpn-ios/commit/4309f5c9bd2c15cdfd39ac173665fad3f2598b54\",\"source\":\"security@mozilla.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/mozilla-services/guardian-vpn-windows/commit/ac6f562973a83f6758cd7ab7aa313e863047d41b\",\"source\":\"security@mozilla.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2020-48/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/mozilla-mobile/guardian-vpn-android/commit/981c840276ef3aee98cf5d42993d484ee99b28d9\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/mozilla-mobile/guardian-vpn-ios/commit/4309f5c9bd2c15cdfd39ac173665fad3f2598b54\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/mozilla-services/guardian-vpn-windows/commit/ac6f562973a83f6758cd7ab7aa313e863047d41b\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2020-48/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.mozilla.org/security/advisories/mfsa2020-48/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/mozilla-services/guardian-vpn-windows/commit/ac6f562973a83f6758cd7ab7aa313e863047d41b\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/mozilla-mobile/guardian-vpn-android/commit/981c840276ef3aee98cf5d42993d484ee99b28d9\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/mozilla-mobile/guardian-vpn-ios/commit/4309f5c9bd2c15cdfd39ac173665fad3f2598b54\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T13:22:30.719Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.6, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2020-15679\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-16T15:42:49.748935Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-384\", \"description\": \"CWE-384 Session Fixation\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-16T15:44:03.827Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Mozilla\", \"product\": \"Mozilla VPN iOS 1.0.7\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"(929)\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Mozilla\", \"product\": \"Mozilla VPN Windows\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"1.2.2\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Mozilla\", \"product\": \"Mozilla VPN Android 1.1.0\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"(1360)\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://www.mozilla.org/security/advisories/mfsa2020-48/\"}, {\"url\": \"https://github.com/mozilla-services/guardian-vpn-windows/commit/ac6f562973a83f6758cd7ab7aa313e863047d41b\"}, {\"url\": \"https://github.com/mozilla-mobile/guardian-vpn-android/commit/981c840276ef3aee98cf5d42993d484ee99b28d9\"}, {\"url\": \"https://github.com/mozilla-mobile/guardian-vpn-ios/commit/4309f5c9bd2c15cdfd39ac173665fad3f2598b54\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"An OAuth session fixation vulnerability existed in the VPN login flow, where an attacker could craft a custom login URL, convince a VPN user to login via that URL, and obtain authenticated access as that user. This issue is limited to cases where attacker and victim are sharing the same source IP and could allow the ability to view session states and disconnect VPN sessions. This vulnerability affects Mozilla VPN iOS 1.0.7 \u003c (929), Mozilla VPN Windows \u003c 1.2.2, and Mozilla VPN Android 1.1.0 \u003c (1360).\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"OAuth Session Fixation on VPN login\"}]}], \"providerMetadata\": {\"orgId\": \"f16b083a-5664-49f3-a51e-8d479e5ed7fe\", \"shortName\": \"mozilla\", \"dateUpdated\": \"2022-12-22T00:00:00.000Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2020-15679\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-16T15:52:55.162Z\", \"dateReserved\": \"2020-07-10T00:00:00.000Z\", \"assignerOrgId\": \"f16b083a-5664-49f3-a51e-8d479e5ed7fe\", \"datePublished\": \"2022-12-22T00:00:00.000Z\", \"assignerShortName\": \"mozilla\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.