CVE-2022-28109 (GCVE-0-2022-28109)

Vulnerability from cvelistv5 – Published: 2022-04-15 15:50 – Updated: 2024-08-03 05:48
VLAI
Summary
Selenium Selenium Grid (formerly Selenium Standalone Server) Fixed in 4.0.0-alpha-7 is affected by: DNS rebinding. The impact is: execute arbitrary code (remote). The component is: WebDriver endpoint of Selenium Grid / Selenium Standalone Server. The attack vector is: Triggered by browsing to to a malicious remote web server. The WebDriver endpoint of Selenium Server (Grid) is vulnerable to DNS rebinding. This can be used to execute arbitrary code on the machine.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T05:48:37.671Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2022/02/07/3"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.gabriel.urdhr.fr/2022/02/07/selenium-standalone-server-csrf-dns-rebinding-rce/"
          },
          {
            "name": "[oss-security] 20220416 Re: Browser-mediated attacks on WebDriver servers",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/04/16/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Selenium Selenium Grid (formerly Selenium Standalone Server) Fixed in 4.0.0-alpha-7 is affected by: DNS rebinding. The impact is: execute arbitrary code (remote). The component is: WebDriver endpoint of Selenium Grid / Selenium Standalone Server. The attack vector is: Triggered by browsing to to a malicious remote web server. The WebDriver endpoint of Selenium Server (Grid) is vulnerable to DNS rebinding. This can be used to execute arbitrary code on the machine."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-16T11:06:08.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.openwall.com/lists/oss-security/2022/02/07/3"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.gabriel.urdhr.fr/2022/02/07/selenium-standalone-server-csrf-dns-rebinding-rce/"
        },
        {
          "name": "[oss-security] 20220416 Re: Browser-mediated attacks on WebDriver servers",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/04/16/1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2022-28109",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Selenium Selenium Grid (formerly Selenium Standalone Server) Fixed in 4.0.0-alpha-7 is affected by: DNS rebinding. The impact is: execute arbitrary code (remote). The component is: WebDriver endpoint of Selenium Grid / Selenium Standalone Server. The attack vector is: Triggered by browsing to to a malicious remote web server. The WebDriver endpoint of Selenium Server (Grid) is vulnerable to DNS rebinding. This can be used to execute arbitrary code on the machine."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.openwall.com/lists/oss-security/2022/02/07/3",
              "refsource": "MISC",
              "url": "https://www.openwall.com/lists/oss-security/2022/02/07/3"
            },
            {
              "name": "https://www.gabriel.urdhr.fr/2022/02/07/selenium-standalone-server-csrf-dns-rebinding-rce/",
              "refsource": "MISC",
              "url": "https://www.gabriel.urdhr.fr/2022/02/07/selenium-standalone-server-csrf-dns-rebinding-rce/"
            },
            {
              "name": "[oss-security] 20220416 Re: Browser-mediated attacks on WebDriver servers",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2022/04/16/1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-28109",
    "datePublished": "2022-04-15T15:50:26.000Z",
    "dateReserved": "2022-03-28T00:00:00.000Z",
    "dateUpdated": "2024-08-03T05:48:37.671Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2022-28109",
      "date": "2026-05-30",
      "epss": "0.00349",
      "percentile": "0.57669"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:selenium:selenium_grid:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"4.0.0\", \"matchCriteriaId\": \"1F051B81-A7AE-4D94-B701-9FC7F006AEEC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:selenium:selenium_grid:4.0.0:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"324578B9-CAD2-4F95-91F2-76EDB5FD0A85\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:selenium:selenium_grid:4.0.0:alpha1:*:*:*:*:*:*\", \"matchCriteriaId\": \"51D35036-15ED-43D1-918D-E38FCAB10D52\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:selenium:selenium_grid:4.0.0:alpha2:*:*:*:*:*:*\", \"matchCriteriaId\": \"731C8648-E3E2-4D44-A828-46B628D10A2B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:selenium:selenium_grid:4.0.0:alpha3:*:*:*:*:*:*\", \"matchCriteriaId\": \"6D76FAFC-B115-41AE-98AE-1128F5B6F492\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:selenium:selenium_grid:4.0.0:alpha4:*:*:*:*:*:*\", \"matchCriteriaId\": \"7CD5D613-B4DF-4F6C-9593-70BF0DE2E06A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:selenium:selenium_grid:4.0.0:alpha5:*:*:*:*:*:*\", \"matchCriteriaId\": \"E336A584-478F-4164-8F4C-6BC0FE32FB52\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:selenium:selenium_grid:4.0.0:alpha6:*:*:*:*:*:*\", \"matchCriteriaId\": \"DDE08E93-5199-4EA9-BD47-9B188994C542\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Selenium Selenium Grid (formerly Selenium Standalone Server) Fixed in 4.0.0-alpha-7 is affected by: DNS rebinding. The impact is: execute arbitrary code (remote). The component is: WebDriver endpoint of Selenium Grid / Selenium Standalone Server. The attack vector is: Triggered by browsing to to a malicious remote web server. The WebDriver endpoint of Selenium Server (Grid) is vulnerable to DNS rebinding. This can be used to execute arbitrary code on the machine.\"}, {\"lang\": \"es\", \"value\": \"Selenium Selenium Grid (anteriormente Selenium Standalone Server) Corregido en versi\\u00f3n 4.0.0-alpha-7 est\\u00e1 afectado por: Un reencuadre de DNS. El impacto es: ejecutar c\\u00f3digo arbitrario (remoto). El componente es: WebDriver endpoint de Selenium Grid / Selenium Standalone Server. El vector de ataque es: Desencadenado por la navegaci\\u00f3n a un servidor web remoto malicioso. El endpoint WebDriver de Selenium Server (Grid) es vulnerable a un reencuadre de DNS. Esto puede ser usado para ejecutar c\\u00f3digo arbitrario en la m\\u00e1quina\"}]",
      "id": "CVE-2022-28109",
      "lastModified": "2024-11-21T06:56:46.477",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2022-04-15T16:15:07.897",
      "references": "[{\"url\": \"http://www.openwall.com/lists/oss-security/2022/04/16/1\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://www.gabriel.urdhr.fr/2022/02/07/selenium-standalone-server-csrf-dns-rebinding-rce/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Mitigation\", \"Third Party Advisory\"]}, {\"url\": \"https://www.openwall.com/lists/oss-security/2022/02/07/3\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2022/04/16/1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://www.gabriel.urdhr.fr/2022/02/07/selenium-standalone-server-csrf-dns-rebinding-rce/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Mitigation\", \"Third Party Advisory\"]}, {\"url\": \"https://www.openwall.com/lists/oss-security/2022/02/07/3\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-352\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-28109\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2022-04-15T16:15:07.897\",\"lastModified\":\"2024-11-21T06:56:46.477\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Selenium Selenium Grid (formerly Selenium Standalone Server) Fixed in 4.0.0-alpha-7 is affected by: DNS rebinding. The impact is: execute arbitrary code (remote). The component is: WebDriver endpoint of Selenium Grid / Selenium Standalone Server. The attack vector is: Triggered by browsing to to a malicious remote web server. The WebDriver endpoint of Selenium Server (Grid) is vulnerable to DNS rebinding. This can be used to execute arbitrary code on the machine.\"},{\"lang\":\"es\",\"value\":\"Selenium Selenium Grid (anteriormente Selenium Standalone Server) Corregido en versi\u00f3n 4.0.0-alpha-7 est\u00e1 afectado por: Un reencuadre de DNS. El impacto es: ejecutar c\u00f3digo arbitrario (remoto). El componente es: WebDriver endpoint de Selenium Grid / Selenium Standalone Server. El vector de ataque es: Desencadenado por la navegaci\u00f3n a un servidor web remoto malicioso. El endpoint WebDriver de Selenium Server (Grid) es vulnerable a un reencuadre de DNS. Esto puede ser usado para ejecutar c\u00f3digo arbitrario en la m\u00e1quina\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-352\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:selenium:selenium_grid:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.0.0\",\"matchCriteriaId\":\"1F051B81-A7AE-4D94-B701-9FC7F006AEEC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:selenium:selenium_grid:4.0.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"324578B9-CAD2-4F95-91F2-76EDB5FD0A85\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:selenium:selenium_grid:4.0.0:alpha1:*:*:*:*:*:*\",\"matchCriteriaId\":\"51D35036-15ED-43D1-918D-E38FCAB10D52\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:selenium:selenium_grid:4.0.0:alpha2:*:*:*:*:*:*\",\"matchCriteriaId\":\"731C8648-E3E2-4D44-A828-46B628D10A2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:selenium:selenium_grid:4.0.0:alpha3:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D76FAFC-B115-41AE-98AE-1128F5B6F492\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:selenium:selenium_grid:4.0.0:alpha4:*:*:*:*:*:*\",\"matchCriteriaId\":\"7CD5D613-B4DF-4F6C-9593-70BF0DE2E06A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:selenium:selenium_grid:4.0.0:alpha5:*:*:*:*:*:*\",\"matchCriteriaId\":\"E336A584-478F-4164-8F4C-6BC0FE32FB52\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:selenium:selenium_grid:4.0.0:alpha6:*:*:*:*:*:*\",\"matchCriteriaId\":\"DDE08E93-5199-4EA9-BD47-9B188994C542\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2022/04/16/1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.gabriel.urdhr.fr/2022/02/07/selenium-standalone-server-csrf-dns-rebinding-rce/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"https://www.openwall.com/lists/oss-security/2022/02/07/3\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2022/04/16/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.gabriel.urdhr.fr/2022/02/07/selenium-standalone-server-csrf-dns-rebinding-rce/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"https://www.openwall.com/lists/oss-security/2022/02/07/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.