CVE-2021-40642 (GCVE-0-2021-40642)

Vulnerability from cvelistv5 – Published: 2022-06-29 10:25 – Updated: 2024-08-04 02:51
VLAI?
Summary
Textpattern CMS v4.8.7 and older vulnerability exists through Sensitive Cookie in HTTPS Session Without 'Secure' Attribute via textpattern/lib/txplib_misc.php. The secure flag is not set for txp_login session cookie in the application. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T02:51:06.279Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/textpattern/textpattern/commit/211fab0093999f59b0b61682aa988ac7d8337aa9"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.huntr.dev/bounties/aadbe434-a376-443b-876f-2a1cbab7847b/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Textpattern CMS v4.8.7 and older vulnerability exists through Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute via textpattern/lib/txplib_misc.php. The secure flag is not set for txp_login session cookie in the application. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie\u0027s scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-29T10:25:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/textpattern/textpattern/commit/211fab0093999f59b0b61682aa988ac7d8337aa9"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.huntr.dev/bounties/aadbe434-a376-443b-876f-2a1cbab7847b/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-40642",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Textpattern CMS v4.8.7 and older vulnerability exists through Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute via textpattern/lib/txplib_misc.php. The secure flag is not set for txp_login session cookie in the application. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie\u0027s scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/textpattern/textpattern/commit/211fab0093999f59b0b61682aa988ac7d8337aa9",
              "refsource": "MISC",
              "url": "https://github.com/textpattern/textpattern/commit/211fab0093999f59b0b61682aa988ac7d8337aa9"
            },
            {
              "name": "https://www.huntr.dev/bounties/aadbe434-a376-443b-876f-2a1cbab7847b/",
              "refsource": "MISC",
              "url": "https://www.huntr.dev/bounties/aadbe434-a376-443b-876f-2a1cbab7847b/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-40642",
    "datePublished": "2022-06-29T10:25:00",
    "dateReserved": "2021-09-07T00:00:00",
    "dateUpdated": "2024-08-04T02:51:06.279Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:textpattern:textpattern:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"4.8.7\", \"matchCriteriaId\": \"B0025781-915E-4449-AB85-6689A54AF9AF\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Textpattern CMS v4.8.7 and older vulnerability exists through Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute via textpattern/lib/txplib_misc.php. The secure flag is not set for txp_login session cookie in the application. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie\u0027s scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad en Textpattern CMS versiones v4.8.7 y anteriores, se presenta mediante la cookie confidencial en la sesi\\u00f3n HTTPS sin el atributo \\\"Secure\\\" por medio del archivo textpattern/lib/txplib_misc.php. El flag seguro no est\\u00e1 establecida para la cookie de sesi\\u00f3n txp_login en la aplicaci\\u00f3n. Si el flag seguro no est\\u00e1 establecido, entonces la cookie ser\\u00e1 transmitida en texto sin cifrar si el usuario visita cualquier URL HTTP dentro del \\u00e1mbito de la cookie. Un atacante puede ser capaz de inducir este evento al alimentar al usuario con enlaces apropiados, ya sea directamente o por medio de otro sitio web\"}]",
      "id": "CVE-2021-40642",
      "lastModified": "2024-11-21T06:24:29.553",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N\", \"baseScore\": 4.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 1.4}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:N/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2022-06-29T11:15:16.533",
      "references": "[{\"url\": \"https://github.com/textpattern/textpattern/commit/211fab0093999f59b0b61682aa988ac7d8337aa9\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.huntr.dev/bounties/aadbe434-a376-443b-876f-2a1cbab7847b/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Permissions Required\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/textpattern/textpattern/commit/211fab0093999f59b0b61682aa988ac7d8337aa9\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.huntr.dev/bounties/aadbe434-a376-443b-876f-2a1cbab7847b/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Permissions Required\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-311\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-40642\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2022-06-29T11:15:16.533\",\"lastModified\":\"2024-11-21T06:24:29.553\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Textpattern CMS v4.8.7 and older vulnerability exists through Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute via textpattern/lib/txplib_misc.php. The secure flag is not set for txp_login session cookie in the application. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie\u0027s scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en Textpattern CMS versiones v4.8.7 y anteriores, se presenta mediante la cookie confidencial en la sesi\u00f3n HTTPS sin el atributo \\\"Secure\\\" por medio del archivo textpattern/lib/txplib_misc.php. El flag seguro no est\u00e1 establecida para la cookie de sesi\u00f3n txp_login en la aplicaci\u00f3n. Si el flag seguro no est\u00e1 establecido, entonces la cookie ser\u00e1 transmitida en texto sin cifrar si el usuario visita cualquier URL HTTP dentro del \u00e1mbito de la cookie. Un atacante puede ser capaz de inducir este evento al alimentar al usuario con enlaces apropiados, ya sea directamente o por medio de otro sitio web\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-311\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:textpattern:textpattern:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.8.7\",\"matchCriteriaId\":\"B0025781-915E-4449-AB85-6689A54AF9AF\"}]}]}],\"references\":[{\"url\":\"https://github.com/textpattern/textpattern/commit/211fab0093999f59b0b61682aa988ac7d8337aa9\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.huntr.dev/bounties/aadbe434-a376-443b-876f-2a1cbab7847b/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Permissions Required\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/textpattern/textpattern/commit/211fab0093999f59b0b61682aa988ac7d8337aa9\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.huntr.dev/bounties/aadbe434-a376-443b-876f-2a1cbab7847b/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\",\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.