Vulnerability-Lookup

CVE-2024-41800 (GCVE-0-2024-41800)

Vulnerability from cvelistv5 – Published: 2024-07-25 16:12 – Updated: 2024-08-02 04:46

Title

Craft CMS Allows TOTP Token To Stay Valid After Use

Summary

Craft is a content management system (CMS). Craft CMS 5 allows reuse of TOTP tokens multiple times within the validity period. An attacker is able to re-submit a valid TOTP token to establish an authenticated session. This requires that the attacker has knowledge of the victim's credentials. This has been patched in Craft 5.2.3.

Severity ?

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N

CWE

CWE-287 - Improper Authentication

Assigner

GitHub_M

References

URL

Tags

	https://github.com/craftcms/cms/security/advisori…	x_refsource_CONFIRM
	https://github.com/craftcms/cms/commit/7c790fa5ad…	x_refsource_MISC
	https://github.com/craftcms/cms/releases/tag/5.2.3	x_refsource_MISC
	https://github.com/sbaresearch/advisories/tree/pu…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	craftcms	cms	Affected: >= 5.0.0-beta.1, < 5.2.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "craft_cms",
            "vendor": "craftcms",
            "versions": [
              {
                "lessThanOrEqual": "5.2.3",
                "status": "affected",
                "version": "5.0.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-41800",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-26T15:26:45.640519Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-26T15:28:42.358Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:46:52.695Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/craftcms/cms/security/advisories/GHSA-wmx7-pw49-88jx",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/craftcms/cms/security/advisories/GHSA-wmx7-pw49-88jx"
          },
          {
            "name": "https://github.com/craftcms/cms/commit/7c790fa5ad5a8cb8016cb6793ec3554c4c079e38",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/craftcms/cms/commit/7c790fa5ad5a8cb8016cb6793ec3554c4c079e38"
          },
          {
            "name": "https://github.com/craftcms/cms/releases/tag/5.2.3",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/craftcms/cms/releases/tag/5.2.3"
          },
          {
            "name": "https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20240617-01_CraftCMS_TOTP_Valid_After_Use",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20240617-01_CraftCMS_TOTP_Valid_After_Use"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "cms",
          "vendor": "craftcms",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 5.0.0-beta.1, \u003c 5.2.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Craft is a content management system (CMS). Craft CMS 5 allows reuse of TOTP tokens multiple times within the validity period. An attacker is able to re-submit a valid TOTP token to establish an authenticated session. This requires that the attacker has knowledge of the victim\u0027s credentials. This has been patched in Craft 5.2.3."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287: Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-25T16:12:58.907Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/craftcms/cms/security/advisories/GHSA-wmx7-pw49-88jx",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/craftcms/cms/security/advisories/GHSA-wmx7-pw49-88jx"
        },
        {
          "name": "https://github.com/craftcms/cms/commit/7c790fa5ad5a8cb8016cb6793ec3554c4c079e38",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/craftcms/cms/commit/7c790fa5ad5a8cb8016cb6793ec3554c4c079e38"
        },
        {
          "name": "https://github.com/craftcms/cms/releases/tag/5.2.3",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/craftcms/cms/releases/tag/5.2.3"
        },
        {
          "name": "https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20240617-01_CraftCMS_TOTP_Valid_After_Use",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20240617-01_CraftCMS_TOTP_Valid_After_Use"
        }
      ],
      "source": {
        "advisory": "GHSA-wmx7-pw49-88jx",
        "discovery": "UNKNOWN"
      },
      "title": "Craft CMS Allows TOTP Token To Stay Valid After Use"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-41800",
    "datePublished": "2024-07-25T16:12:58.907Z",
    "dateReserved": "2024-07-22T13:57:37.135Z",
    "dateUpdated": "2024-08-02T04:46:52.695Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/craftcms/cms/security/advisories/GHSA-wmx7-pw49-88jx\", \"name\": \"https://github.com/craftcms/cms/security/advisories/GHSA-wmx7-pw49-88jx\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://github.com/craftcms/cms/commit/7c790fa5ad5a8cb8016cb6793ec3554c4c079e38\", \"name\": \"https://github.com/craftcms/cms/commit/7c790fa5ad5a8cb8016cb6793ec3554c4c079e38\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/craftcms/cms/releases/tag/5.2.3\", \"name\": \"https://github.com/craftcms/cms/releases/tag/5.2.3\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20240617-01_CraftCMS_TOTP_Valid_After_Use\", \"name\": \"https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20240617-01_CraftCMS_TOTP_Valid_After_Use\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T04:46:52.695Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-41800\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-26T15:26:45.640519Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:*\"], \"vendor\": \"craftcms\", \"product\": \"craft_cms\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.0.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"5.2.3\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-26T15:28:37.159Z\"}}], \"cna\": {\"title\": \"Craft CMS Allows TOTP Token To Stay Valid After Use\", \"source\": {\"advisory\": \"GHSA-wmx7-pw49-88jx\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"craftcms\", \"product\": \"cms\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 5.0.0-beta.1, \u003c 5.2.3\"}]}], \"references\": [{\"url\": \"https://github.com/craftcms/cms/security/advisories/GHSA-wmx7-pw49-88jx\", \"name\": \"https://github.com/craftcms/cms/security/advisories/GHSA-wmx7-pw49-88jx\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/craftcms/cms/commit/7c790fa5ad5a8cb8016cb6793ec3554c4c079e38\", \"name\": \"https://github.com/craftcms/cms/commit/7c790fa5ad5a8cb8016cb6793ec3554c4c079e38\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/craftcms/cms/releases/tag/5.2.3\", \"name\": \"https://github.com/craftcms/cms/releases/tag/5.2.3\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20240617-01_CraftCMS_TOTP_Valid_After_Use\", \"name\": \"https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20240617-01_CraftCMS_TOTP_Valid_After_Use\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Craft is a content management system (CMS). Craft CMS 5 allows reuse of TOTP tokens multiple times within the validity period. An attacker is able to re-submit a valid TOTP token to establish an authenticated session. This requires that the attacker has knowledge of the victim\u0027s credentials. This has been patched in Craft 5.2.3.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-287\", \"description\": \"CWE-287: Improper Authentication\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-07-25T16:12:58.907Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-41800\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-02T04:46:52.695Z\", \"dateReserved\": \"2024-07-22T13:57:37.135Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2024-07-25T16:12:58.907Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CNVD-2024-35173

Vulnerability from cnvd - Published: 2024-08-09

Title

Craft CMS访问控制错误漏洞

Description

Craft CMS是Craft CMS开源的一套内容管理系统（CMS）。 Craft CMS 5.0.0-beta.1版本至5.2.2版本存在访问控制错误漏洞，该漏洞源于允许在有效期内多次重复使用TOTP令牌。攻击者可利用该漏洞重新提交有效的TOTP令牌来建立经过身份验证的会话。

Severity

中

Patch Name

Craft CMS访问控制错误漏洞的补丁

Patch Description

Craft CMS是Craft CMS开源的一套内容管理系统（CMS）。 Craft CMS 5.0.0-beta.1版本至5.2.2版本存在访问控制错误漏洞，该漏洞源于允许在有效期内多次重复使用TOTP令牌。攻击者可利用该漏洞重新提交有效的TOTP令牌来建立经过身份验证的会话。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://github.com/craftcms/cms/security/advisories/GHSA-wmx7-pw49-88jx

Reference

https://nvd.nist.gov/vuln/detail/CVE-2024-41800

Impacted products

Name
Craft CMS Craft CMS >=5.0.0-beta.1，<=5.2.2

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2024-41800",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2024-41800"
    }
  },
  "description": "Craft CMS\u662fCraft CMS\u5f00\u6e90\u7684\u4e00\u5957\u5185\u5bb9\u7ba1\u7406\u7cfb\u7edf\uff08CMS\uff09\u3002\n\nCraft CMS 5.0.0-beta.1\u7248\u672c\u81f35.2.2\u7248\u672c\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5141\u8bb8\u5728\u6709\u6548\u671f\u5185\u591a\u6b21\u91cd\u590d\u4f7f\u7528TOTP\u4ee4\u724c\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u91cd\u65b0\u63d0\u4ea4\u6709\u6548\u7684TOTP\u4ee4\u724c\u6765\u5efa\u7acb\u7ecf\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u7684\u4f1a\u8bdd\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://github.com/craftcms/cms/security/advisories/GHSA-wmx7-pw49-88jx",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2024-35173",
  "openTime": "2024-08-09",
  "patchDescription": "Craft CMS\u662fCraft CMS\u5f00\u6e90\u7684\u4e00\u5957\u5185\u5bb9\u7ba1\u7406\u7cfb\u7edf\uff08CMS\uff09\u3002\r\n\r\nCraft CMS 5.0.0-beta.1\u7248\u672c\u81f35.2.2\u7248\u672c\u5b58\u5728\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5141\u8bb8\u5728\u6709\u6548\u671f\u5185\u591a\u6b21\u91cd\u590d\u4f7f\u7528TOTP\u4ee4\u724c\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u91cd\u65b0\u63d0\u4ea4\u6709\u6548\u7684TOTP\u4ee4\u724c\u6765\u5efa\u7acb\u7ecf\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u7684\u4f1a\u8bdd\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Craft CMS\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Craft CMS Craft CMS \u003e=5.0.0-beta.1\uff0c\u003c=5.2.2"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2024-41800",
  "serverity": "\u4e2d",
  "submitTime": "2024-07-29",
  "title": "Craft CMS\u8bbf\u95ee\u63a7\u5236\u9519\u8bef\u6f0f\u6d1e"
}

FKIE_CVE-2024-41800

Vulnerability from fkie_nvd - Published: 2024-07-25 17:15 - Updated: 2024-11-21 09:33

Severity ?

4.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
security-advisories@github.com	https://github.com/craftcms/cms/commit/7c790fa5ad5a8cb8016cb6793ec3554c4c079e38	Patch
security-advisories@github.com	https://github.com/craftcms/cms/releases/tag/5.2.3	Release Notes
security-advisories@github.com	https://github.com/craftcms/cms/security/advisories/GHSA-wmx7-pw49-88jx	Vendor Advisory
security-advisories@github.com	https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20240617-01_CraftCMS_TOTP_Valid_After_Use	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/craftcms/cms/commit/7c790fa5ad5a8cb8016cb6793ec3554c4c079e38	Patch
af854a3a-2127-422b-91ae-364da2661108	https://github.com/craftcms/cms/releases/tag/5.2.3	Release Notes
af854a3a-2127-422b-91ae-364da2661108	https://github.com/craftcms/cms/security/advisories/GHSA-wmx7-pw49-88jx	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20240617-01_CraftCMS_TOTP_Valid_After_Use	Third Party Advisory

Impacted products

Vendor	Product	Version
craftcms	craft_cms	*
craftcms	craft_cms	5.0.0
craftcms	craft_cms	5.0.0
craftcms	craft_cms	5.0.0
craftcms	craft_cms	5.0.0
craftcms	craft_cms	5.0.0
craftcms	craft_cms	5.0.0
craftcms	craft_cms	5.0.0
craftcms	craft_cms	5.0.0
craftcms	craft_cms	5.0.0
craftcms	craft_cms	5.0.0
craftcms	craft_cms	5.0.0
craftcms	craft_cms	5.0.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "42C47425-3771-48C2-A7AF-C3CC3D0FE14C",
              "versionEndExcluding": "5.2.3",
              "versionStartIncluding": "5.0.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:craftcms:craft_cms:5.0.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "14D9846D-FC0A-468A-9C38-9B7DBF7CAC5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:craftcms:craft_cms:5.0.0:beta10:*:*:*:*:*:*",
              "matchCriteriaId": "37194977-B7C4-444A-A192-754559F82880",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:craftcms:craft_cms:5.0.0:beta11:*:*:*:*:*:*",
              "matchCriteriaId": "C9CCA076-E687-4F16-9FD8-B93B61098A17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:craftcms:craft_cms:5.0.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "71C58619-7E6E-4F78-8E52-70893D2C9FF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:craftcms:craft_cms:5.0.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "9559946D-B0FB-4A76-A22B-D36F61EA7399",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:craftcms:craft_cms:5.0.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "6109220A-7C22-4F63-A52B-A2C98143AB98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:craftcms:craft_cms:5.0.0:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "6FD35B52-3F32-4BD9-91A5-1FDEED711AE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:craftcms:craft_cms:5.0.0:beta6:*:*:*:*:*:*",
              "matchCriteriaId": "15B50ECD-79E4-48C3-B9F5-0DA89776775A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:craftcms:craft_cms:5.0.0:beta7:*:*:*:*:*:*",
              "matchCriteriaId": "3FEBF72C-FE4A-416D-BA61-20AEB75114DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:craftcms:craft_cms:5.0.0:beta8:*:*:*:*:*:*",
              "matchCriteriaId": "AFB3C237-FC2F-44D2-82C4-E330ED93BC62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:craftcms:craft_cms:5.0.0:beta9:*:*:*:*:*:*",
              "matchCriteriaId": "A1FE2434-F974-4FCE-A96E-A47F490FD208",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:craftcms:craft_cms:5.0.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "8D8E02D1-601A-4E2B-B619-4775BFDB72D0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Craft is a content management system (CMS). Craft CMS 5 allows reuse of TOTP tokens multiple times within the validity period. An attacker is able to re-submit a valid TOTP token to establish an authenticated session. This requires that the attacker has knowledge of the victim\u0027s credentials. This has been patched in Craft 5.2.3."
    },
    {
      "lang": "es",
      "value": "Craft es un sistema de gesti\u00f3n de contenidos (CMS). Craft CMS 5 permite la reutilizaci\u00f3n de tokens TOTP varias veces dentro del per\u00edodo de validez. Un atacante puede volver a enviar un token TOTP v\u00e1lido para establecer una sesi\u00f3n autenticada. Esto requiere que el atacante tenga conocimiento de las credenciales de la v\u00edctima. Esto ha sido parcheado en Craft 5.2.3."
    }
  ],
  "id": "CVE-2024-41800",
  "lastModified": "2024-11-21T09:33:05.817",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 3.6,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-07-25T17:15:11.203",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/craftcms/cms/commit/7c790fa5ad5a8cb8016cb6793ec3554c4c079e38"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Release Notes"
      ],
      "url": "https://github.com/craftcms/cms/releases/tag/5.2.3"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/craftcms/cms/security/advisories/GHSA-wmx7-pw49-88jx"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20240617-01_CraftCMS_TOTP_Valid_After_Use"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/craftcms/cms/commit/7c790fa5ad5a8cb8016cb6793ec3554c4c079e38"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes"
      ],
      "url": "https://github.com/craftcms/cms/releases/tag/5.2.3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/craftcms/cms/security/advisories/GHSA-wmx7-pw49-88jx"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20240617-01_CraftCMS_TOTP_Valid_After_Use"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-WMX7-PW49-88JX

Vulnerability from github – Published: 2024-07-25 17:58 – Updated: 2024-07-26 21:40

Summary

Craft CMS Allows TOTP Token To Stay Valid After Use

Details

Craft CMS 5 allows reuse of TOTP tokens multiple times within the validity period.

Impact

An attacker is able to re-submit a valid TOTP token to establish an authenticated session. This requires that the attacker has knowledge of the victim's credentials.

A TOTP token can be used multiple times to establish an authenticated session. RFC 6238 insists that an OTP must not be used more than once.

The verifier MUST NOT accept the second attempt of the OTP after the successful validation has been issued for the first OTP, which ensures one-time only use of an OTP.

The OWASP Application Security Verification Standard v4.0.3 (ASVS) reiterates this property with requirement 2.8.4.

Verify that time-based OTP can be used only once within the validity period.

It should also be noted that the validity period of an TOTP token is 2 minutes. This makes a successful brute force attack more likely, since the four tokens are valid at the same time.

Patches

This has been patched in Craft 5.2.3.

References:

https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV 2024061701_CraftCMS_TOTP_Valid_After_Use

https://github.com/craftcms/cms/releases/tag/5.2.3

Severity ?

4.8 (Medium)


                  
                    CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N

6.0 (Medium)


                  
                    CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 5.2.2"
      },
      "package": {
        "ecosystem": "Packagist",
        "name": "craftcms/cms"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.0.0-beta.1"
            },
            {
              "fixed": "5.2.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-41800"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-07-25T17:58:01Z",
    "nvd_published_at": "2024-07-25T17:15:11Z",
    "severity": "MODERATE"
  },
  "details": "Craft CMS 5 allows reuse of TOTP tokens multiple times within the validity period.\n\n### Impact\n\nAn attacker is able to re-submit a valid TOTP token to establish an authenticated session. This requires that the attacker has knowledge of the victim\u0027s credentials.\n\nA TOTP token can be used multiple times to establish an authenticated session.\n[RFC 6238](https://www.rfc-editor.org/rfc/rfc6238) insists that an OTP must not be used more than once.\n\n\u003e The verifier MUST NOT accept the second attempt of the OTP after the successful validation has been issued for the first OTP, which ensures one-time only use of an OTP.\n\nThe OWASP Application Security Verification Standard v4.0.3 (ASVS) [reiterates\nthis property with requirement 2.8.4](https://github.com/OWASP/ASVS/blob/v4.0.3/4.0/en/0x11-V2-Authentication.md#v28-one-time-verifier).\n\n\u003e Verify that time-based OTP can be used only once within the validity period.\n\nIt should also be noted that the validity period of an TOTP token is 2 minutes. This makes a successful brute force attack more likely, since the four tokens are valid at the same time.\n\n### Patches\n\nThis has been patched in Craft 5.2.3.\n\nReferences:\n\nhttps://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV 2024061701_CraftCMS_TOTP_Valid_After_Use\n\nhttps://github.com/craftcms/cms/releases/tag/5.2.3",
  "id": "GHSA-wmx7-pw49-88jx",
  "modified": "2024-07-26T21:40:26Z",
  "published": "2024-07-25T17:58:01Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/craftcms/cms/security/advisories/GHSA-wmx7-pw49-88jx"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41800"
    },
    {
      "type": "WEB",
      "url": "https://github.com/craftcms/cms/commit/7c790fa5ad5a8cb8016cb6793ec3554c4c079e38"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/craftcms/cms"
    },
    {
      "type": "WEB",
      "url": "https://github.com/craftcms/cms/releases/tag/5.2.3"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20240617-01_CraftCMS_TOTP_Valid_After_Use"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Craft CMS Allows TOTP Token To Stay Valid After Use"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-41800 (GCVE-0-2024-41800)

CNVD-2024-35173

FKIE_CVE-2024-41800

GHSA-WMX7-PW49-88JX

Impact

Patches

Tags

Sightings

Nomenclature