GSD-2022-29254
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
silverstripe-omnipay is a SilverStripe integration with Omnipay PHP payments library. For a subset of Omnipay gateways (those that use intermediary states like `isNotification()` or `isRedirect()`), if the payment identifier or success URL is exposed it is possible for payments to be prematurely marked as completed without payment being taken. This is mitigated by the fact that most payment gateways hide this information from users, however some issuing banks offer flawed 3DSecure implementations that may inadvertently expose this data. The following versions have been patched to fix this issue: `2.5.2`, `3.0.2`, `3.1.4`, and `3.2.1`. There are no known workarounds for this vulnerability.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-29254",
"description": "silverstripe-omnipay is a SilverStripe integration with Omnipay PHP payments library. For a subset of Omnipay gateways (those that use intermediary states like `isNotification()` or `isRedirect()`), if the payment identifier or success URL is exposed it is possible for payments to be prematurely marked as completed without payment being taken. This is mitigated by the fact that most payment gateways hide this information from users, however some issuing banks offer flawed 3DSecure implementations that may inadvertently expose this data. The following versions have been patched to fix this issue: `2.5.2`, `3.0.2`, `3.1.4`, and `3.2.1`. There are no known workarounds for this vulnerability.",
"id": "GSD-2022-29254"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-29254"
],
"details": "silverstripe-omnipay is a SilverStripe integration with Omnipay PHP payments library. For a subset of Omnipay gateways (those that use intermediary states like `isNotification()` or `isRedirect()`), if the payment identifier or success URL is exposed it is possible for payments to be prematurely marked as completed without payment being taken. This is mitigated by the fact that most payment gateways hide this information from users, however some issuing banks offer flawed 3DSecure implementations that may inadvertently expose this data. The following versions have been patched to fix this issue: `2.5.2`, `3.0.2`, `3.1.4`, and `3.2.1`. There are no known workarounds for this vulnerability.",
"id": "GSD-2022-29254",
"modified": "2023-12-13T01:19:41.758360Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-29254",
"STATE": "PUBLIC",
"TITLE": "Failed payment recorded has completed in silverstripe/silverstripe-omnipay"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "silverstripe-omnipay",
"version": {
"version_data": [
{
"version_value": "\u003c 2.5.2"
},
{
"version_value": "\u003e= 3.0.0, \u003c 3.0.2"
},
{
"version_value": "\u003e= 3.1.0, \u003c 3.1.4"
},
{
"version_value": "\u003e= 3.2.0, \u003c 3.2.1"
}
]
}
}
]
},
"vendor_name": "silverstripe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "silverstripe-omnipay is a SilverStripe integration with Omnipay PHP payments library. For a subset of Omnipay gateways (those that use intermediary states like `isNotification()` or `isRedirect()`), if the payment identifier or success URL is exposed it is possible for payments to be prematurely marked as completed without payment being taken. This is mitigated by the fact that most payment gateways hide this information from users, however some issuing banks offer flawed 3DSecure implementations that may inadvertently expose this data. The following versions have been patched to fix this issue: `2.5.2`, `3.0.2`, `3.1.4`, and `3.2.1`. There are no known workarounds for this vulnerability."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-436: Interpretation Conflict"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/silverstripe/silverstripe-omnipay/security/advisories/GHSA-48f2-m7jg-866x",
"refsource": "CONFIRM",
"url": "https://github.com/silverstripe/silverstripe-omnipay/security/advisories/GHSA-48f2-m7jg-866x"
},
{
"name": "https://github.com/silverstripe/silverstripe-omnipay/commit/7dee9a1e0a5f54c2dc06e018cff3d9a19044e01b",
"refsource": "MISC",
"url": "https://github.com/silverstripe/silverstripe-omnipay/commit/7dee9a1e0a5f54c2dc06e018cff3d9a19044e01b"
}
]
},
"source": {
"advisory": "GHSA-48f2-m7jg-866x",
"discovery": "UNKNOWN"
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c2.5.2||\u003e=3.0.0,\u003c3.0.2||\u003e=3.1.0,\u003c3.1.4||\u003e=3.2.0,\u003c3.2.1",
"affected_versions": "All versions starting before 2.5.2, all versions starting from 3.0.0 before 3.0.2, all versions starting from 3.1.0 before 3.1.4, all versions starting from 3.2.0 before 3.2.1",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-436",
"CWE-937"
],
"date": "2022-06-17",
"description": "silverstripe-omnipay is a SilverStripe integration with Omnipay PHP payments library. For a subset of Omnipay gateways (those that use intermediary states like `isNotification()` or `isRedirect()`), if the payment identifier or success URL is exposed it is possible for payments to be prematurely marked as completed without payment being taken. This is mitigated by the fact that most payment gateways hide this information from users, however some issuing banks offer flawed 3DSecure implementations that may inadvertently expose this data. The following versions have been patched to fix this issue: `2.5.2`, `3.0.2`, `3.1.4`, and `3.2.1`. There are no known workarounds for this vulnerability.",
"fixed_versions": [
"2.5.2",
"3.0.2",
"3.1.4",
"3.2.1"
],
"identifier": "CVE-2022-29254",
"identifiers": [
"CVE-2022-29254",
"GHSA-48f2-m7jg-866x",
"GMS-2022-1827"
],
"not_impacted": "All versions starting from 2.5.2 before 3.0.0, all versions starting from 3.0.2 before 3.1.0, all versions starting from 3.1.4 before 3.2.0, all versions after 3.2.1.",
"package_slug": "packagist/silverstripe/silverstripe-omnipay",
"pubdate": "2022-06-09",
"solution": "Upgrade to versions 2.5.2, 3.0.2, 3.1.4, 3.2.1 or above.",
"title": "Interpretation Conflict",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2022-29254",
"https://github.com/silverstripe/silverstripe-omnipay/commit/7dee9a1e0a5f54c2dc06e018cff3d9a19044e01b",
"https://github.com/silverstripe/silverstripe-omnipay/security/advisories/GHSA-48f2-m7jg-866x",
"https://github.com/silverstripe/silverstripe-omnipay/releases/tag/2.5.2",
"https://github.com/silverstripe/silverstripe-omnipay/releases/tag/3.0.2",
"https://github.com/silverstripe/silverstripe-omnipay/releases/tag/3.1.4",
"https://github.com/silverstripe/silverstripe-omnipay/releases/tag/3.2.1",
"https://github.com/advisories/GHSA-48f2-m7jg-866x"
],
"uuid": "c580c932-b686-4d16-80d4-589af67a2fc5"
},
{
"affected_range": "\u003c0",
"affected_versions": "All versions before 2.5.2, all versions starting from 3.0.0 before 3.0.2, all versions starting from 3.1.0 before 3.1.4, all versions starting from 3.2.0 before 3.2.1",
"cwe_ids": [
"CWE-1035",
"CWE-937"
],
"date": "2022-06-06",
"description": "### Impact\nFor a subset of Omnipay gateways (those that use intermediary states like `isNotification()` or `isRedirect()`), if the payment identifier or success URL is exposed it is possible for payments to be prematurely marked as completed without payment being taken. This is mitigated by the fact that most payment gateways hide this information from users, however some issuing banks offer flawed 3DSecure implementations that may inadvertently expose this data.\n\n### Patches\nThe following versions have been patched to fix this issue:\n\n- `2.5.2`\n- `3.0.2`\n- `3.1.4`\n- `3.2.1`\n\n### Workarounds\nThere are no known workarounds for this vulnerability.\n\n### References\nN/A.\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Email us at [security@silverstripe.org](mailto:security@silverstripe.org)\n",
"fixed_versions": [
"2.5.2",
"3.0.2",
"3.1.4",
"3.2.1"
],
"identifier": "GMS-2022-1827",
"identifiers": [
"GHSA-48f2-m7jg-866x",
"GMS-2022-1827",
"CVE-2022-29254"
],
"not_impacted": "All versions starting from 2.5.2 before 3.0.0, all versions starting from 3.0.2 before 3.1.0, all versions starting from 3.1.4 before 3.2.0, all versions starting from 3.2.1",
"package_slug": "packagist/silverstripe/silverstripe-omnipay",
"pubdate": "2022-06-06",
"solution": "Upgrade to versions 2.5.2, 3.0.2, 3.1.4, 3.2.1 or above.",
"title": "Duplicate of ./packagist/silverstripe/silverstripe-omnipay/CVE-2022-29254.yml",
"urls": [
"https://github.com/silverstripe/silverstripe-omnipay/security/advisories/GHSA-48f2-m7jg-866x",
"https://github.com/silverstripe/silverstripe-omnipay/commit/7dee9a1e0a5f54c2dc06e018cff3d9a19044e01b",
"https://github.com/silverstripe/silverstripe-omnipay/releases/tag/2.5.2",
"https://github.com/silverstripe/silverstripe-omnipay/releases/tag/3.0.2",
"https://github.com/silverstripe/silverstripe-omnipay/releases/tag/3.1.4",
"https://github.com/silverstripe/silverstripe-omnipay/releases/tag/3.2.1",
"https://github.com/advisories/GHSA-48f2-m7jg-866x"
],
"uuid": "d1133487-86f2-4e44-99b9-aefb6f99bb65"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:silverstripe:silverstripe-omnipay:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.2.1",
"versionStartIncluding": "3.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:silverstripe:silverstripe-omnipay:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.1.4",
"versionStartIncluding": "3.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:silverstripe:silverstripe-omnipay:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.0.2",
"versionStartIncluding": "3.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:silverstripe:silverstripe-omnipay:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.5.2",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-29254"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "silverstripe-omnipay is a SilverStripe integration with Omnipay PHP payments library. For a subset of Omnipay gateways (those that use intermediary states like `isNotification()` or `isRedirect()`), if the payment identifier or success URL is exposed it is possible for payments to be prematurely marked as completed without payment being taken. This is mitigated by the fact that most payment gateways hide this information from users, however some issuing banks offer flawed 3DSecure implementations that may inadvertently expose this data. The following versions have been patched to fix this issue: `2.5.2`, `3.0.2`, `3.1.4`, and `3.2.1`. There are no known workarounds for this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-436"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/silverstripe/silverstripe-omnipay/commit/7dee9a1e0a5f54c2dc06e018cff3d9a19044e01b",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/silverstripe/silverstripe-omnipay/commit/7dee9a1e0a5f54c2dc06e018cff3d9a19044e01b"
},
{
"name": "https://github.com/silverstripe/silverstripe-omnipay/security/advisories/GHSA-48f2-m7jg-866x",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/silverstripe/silverstripe-omnipay/security/advisories/GHSA-48f2-m7jg-866x"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
},
"lastModifiedDate": "2022-06-17T16:26Z",
"publishedDate": "2022-06-09T07:15Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…