GHSA-X3WG-P2FP-RPXQ

Vulnerability from github – Published: 2022-05-24 22:33 – Updated: 2022-05-24 22:33
VLAI?
Details

A security restriction bypass vulnerability has been discovered in Revive Adserver version < 5.0.5 by HackerOne user hoangn144. Revive Adserver, like many other applications, requires the logged in user to type the current password in order to change the e-mail address or the password. It was however possible for anyone with access to a Revive Adserver admin user interface to bypass such check and change e-email address or password of the currently logged in user by altering the form payload.The attack requires physical access to the user interface of a logged in user. If the POST payload was altered by turning the “pwold” parameter into an array, Revive Adserver would fetch and authorise the operation even if no password was provided.

Show details on source website
To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2020-8142"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-04-03T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A security restriction bypass vulnerability has been discovered in Revive Adserver version \u003c 5.0.5 by HackerOne user hoangn144. Revive Adserver, like many other applications, requires the logged in user to type the current password in order to change the e-mail address or the password. It was however possible for anyone with access to a Revive Adserver admin user interface to bypass such check and change e-email address or password of the currently logged in user by altering the form payload.The attack requires physical access to the user interface of a logged in user. If the POST payload was altered by turning the \u201cpwold\u201d parameter into an array, Revive Adserver would fetch and authorise the operation even if no password was provided.",
  "id": "GHSA-x3wg-p2fp-rpxq",
  "modified": "2022-05-24T22:33:53Z",
  "published": "2022-05-24T22:33:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8142"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/792895"
    },
    {
      "type": "WEB",
      "url": "https://www.revive-adserver.com/security/revive-sa-2020-002"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.