GHSA-4VR3-9V7H-5F8V

Vulnerability from github – Published: 2019-06-18 15:38 – Updated: 2021-12-03 14:36
VLAI?
Summary
Low severity vulnerability that affects Gw2Sharp
Details

Leaking cached authenticated requests

Impact

If you've been using one MemoryCacheMethod object in multiple instances of Gw2WebApiClient and are requesting authenticated endpoints with different access tokens, then you are likely to run into this bug.

When using an instance of MemoryCacheMethod and using it with multiple instances of Gw2WebApiClient, there's a possibility that cached authenticated responses are leaking to another request to the same endpoint, but with a different Guild Wars 2 access token. The latter request wouldn't start however, and would return the first cached response immediately. This means that the second response (or later responses) may contain the same data as the first response, therefore leaking data from another authenticated endpoint.

The occurence of this is limited however. The Guild Wars 2 API doesn't use the Expires header on most (if not all) authenticated endpoints. This header is checked when caching responses. If this header isn't available, the response isn't cached at all. You should still update to at least version 0.3.1 in order to be certain that it won't happen.

Patches

This bug has been fixed in version 0.3.1. When using an authenticated endpoint, it will prepend the SHA-1 hash of the access token to the cache id.

Workarounds

For version 0.3.0 and lower, you can use one separate instance of MemoryCacheMethod per Gw2WebApiClient if you need to use it.

For more information

If you have any questions or comments about this advisory, you can open an issue in the Gw2Sharp repository or contact me on Discord.

Show details on source website
To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Gw2Sharp"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.3.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T20:59:21Z",
    "nvd_published_at": null,
    "severity": "LOW"
  },
  "details": "## Leaking cached authenticated requests\n\n### Impact\nIf you\u0027ve been using one `MemoryCacheMethod` object in multiple instances of `Gw2WebApiClient` and are requesting authenticated endpoints with different access tokens, then you are likely to run into this bug.\n\nWhen using an instance of `MemoryCacheMethod` and using it with multiple instances of `Gw2WebApiClient`, there\u0027s a possibility that cached authenticated responses are leaking to another request to the same endpoint, but with a different Guild Wars 2 access token. The latter request wouldn\u0027t start however, and would return the first cached response immediately. This means that the second response (or later responses) may contain the same data as the first response, therefore leaking data from another authenticated endpoint.\n\nThe occurence of this is limited however. The Guild Wars 2 API doesn\u0027t use the `Expires` header on most (if not all) authenticated endpoints. This header is checked when caching responses. If this header isn\u0027t available, the response isn\u0027t cached at all. You should still update to at least version 0.3.1 in order to be certain that it won\u0027t happen.\n\n### Patches\nThis bug has been fixed in version 0.3.1. When using an authenticated endpoint, it will prepend the SHA-1 hash of the access token to the cache id.\n\n### Workarounds\nFor version 0.3.0 and lower, you can use one separate instance of `MemoryCacheMethod` per `Gw2WebApiClient` if you need to use it.\n\n### For more information\nIf you have any questions or comments about this advisory, you can open an issue in [the Gw2Sharp repository](https://github.com/Archomeda/Gw2Sharp) or contact me on [Discord](https://discord.gg/hNcpDT3).\n",
  "id": "GHSA-4vr3-9v7h-5f8v",
  "modified": "2021-12-03T14:36:23Z",
  "published": "2019-06-18T15:38:41Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/Archomeda/Gw2Sharp/security/advisories/GHSA-4vr3-9v7h-5f8v"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/Archomeda/Gw2Sharp"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-4vr3-9v7h-5f8v"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Low severity vulnerability that affects Gw2Sharp"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.