GSD-2017-3211

Vulnerability from gsd - Updated: 2023-12-13 01:21
Details
Yopify, an e-commerce notification plugin, up to April 06, 2017, leaks the first name, last initial, city, and recent purchase data of customers, all without user authorization.
Aliases
Aliases
CVE-2017-3211
To clipboard 

{
  "GSD": {
    "alias": "CVE-2017-3211",
    "description": "Yopify, an e-commerce notification plugin, up to April 06, 2017, leaks the first name, last initial, city, and recent purchase data of customers, all without user authorization.",
    "id": "GSD-2017-3211"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-3211"
      ],
      "details": "Yopify, an e-commerce notification plugin, up to April 06, 2017, leaks the first name, last initial, city, and recent purchase data of customers, all without user authorization.",
      "id": "GSD-2017-3211",
      "modified": "2023-12-13T01:21:16.859102Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cert@cert.org",
        "DATE_PUBLIC": "2017-05-17T00:00:00.000Z",
        "ID": "CVE-2017-3211",
        "STATE": "PUBLIC",
        "TITLE": "Centire Yopify leaks customer information"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Yopify",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_name": "2017-04-06",
                          "version_value": "2017-04-06"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Centire"
            }
          ]
        }
      },
      "credit": [
        {
          "lang": "eng",
          "value": "This vulnerability was discovered by Oliver Keyes, a Rapid7, Inc. senior data scientist."
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Yopify, an e-commerce notification plugin, up to April 06, 2017, leaks the first name, last initial, city, and recent purchase data of customers, all without user authorization."
          }
        ]
      },
      "exploit": [
        {
          "lang": "eng",
          "value": "Yopify works by having the e-commerce site load a JavaScript widget from the Yopify servers, which contains both the code to generate the UI element and the data used to populate it, stored as JSON. This widget does not require any authorization beyond a site-specific API key, which is embedded in the e-commerce site\u0027s source code, and is easily extractable with a regular expression.\n\nThe result is that by scraping a customer site to grab the API key and then simply running something like:\ncurl \u0027https://yopify.com/api/yo/js/yo/3edb675e08e9c7fe22d243e44d184cdf/events.js?t=1490157080\u0027\n\nwhere 3edb675e08e9c7fe22d243e44d184cdf is the site ID and t is a cache buster, someone can remotely grab the data pertaining to the last 50 customers. This is updated as purchases are made. Thus an attacker can poll every few hours for a few days/weeks/months and build up a database of an e-commerce site\u0027s customer set and associated purchasers.\n\nThe data exposed to this polling was, however, far more extensive than the data displayed. While the pop-up only provides first name and last initial, the JSON blob originally contained first and last names in their entirety, along with city-level geolocation. While the casual online customer wouldn\u0027t have seen that, a malicious technical user could have trivially gained enough information to potentially target specific users of specific niche e-commerce sites.\n\n\n\n\n\n  \n"
        }
      ],
      "generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "impact": {
        "cvss": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-213 Intentional Information Exposure"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://blog.rapid7.com/2017/05/31/r7-2017-05-centire-yopify-information-disclosure-cve-2017-3211/",
            "refsource": "MISC",
            "url": "https://blog.rapid7.com/2017/05/31/r7-2017-05-centire-yopify-information-disclosure-cve-2017-3211/"
          }
        ]
      },
      "source": {
        "defect": [
          "R7-2017-05"
        ],
        "discovery": "EXTERNAL"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:yopify:yopify:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2017-04-06",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2017-3211"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Yopify, an e-commerce notification plugin, up to April 06, 2017, leaks the first name, last initial, city, and recent purchase data of customers, all without user authorization."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://blog.rapid7.com/2017/05/31/r7-2017-05-centire-yopify-information-disclosure-cve-2017-3211/",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://blog.rapid7.com/2017/05/31/r7-2017-05-centire-yopify-information-disclosure-cve-2017-3211/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 1.4
        }
      },
      "lastModifiedDate": "2020-01-22T16:21Z",
      "publishedDate": "2020-01-15T17:15Z"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.