Vulnerability-Lookup

Vulnerability from drupal

Published

2024-12-04 14:40

Modified

2025-02-20 20:07

Summary

Details

This module enables you to authenticate users through an Identity Provider (IdP) or OAuth Server, allowing them to log in to your Drupal site.

The module does not sufficiently escape query parameters sent to the callback URL when displaying error messages, particularly if the code parameter is missing in the response.

Credits

Borut Piletic www.drupal.org/user/2714887

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "affected_versions": "\u003e=3.32.0 \u003c3.44.0 || \u003e=4.0.1 \u003c4.0.19",
        "patched": true
      },
      "package": {
        "ecosystem": "Packagist:https://packages.drupal.org/8",
        "name": "drupal/miniorange_oauth_client"
      },
      "ranges": [
        {
          "database_specific": {
            "constraint": "\u003e=3.32.0 \u003c3.44.0"
          },
          "events": [
            {
              "introduced": "3.32.0"
            },
            {
              "fixed": "3.44.0"
            }
          ],
          "type": "ECOSYSTEM"
        },
        {
          "database_specific": {
            "constraint": "\u003e=4.0.1 \u003c4.0.19"
          },
          "events": [
            {
              "introduced": "4.0.1"
            },
            {
              "fixed": "4.0.19"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "severity": []
    }
  ],
  "aliases": [
    "CVE-2024-13301"
  ],
  "credits": [
    {
      "contact": [
        "https://www.drupal.org/user/2714887"
      ],
      "name": "Borut Piletic"
    }
  ],
  "details": "This module enables you to authenticate users through an Identity Provider (IdP) or OAuth Server, allowing them to log in to your Drupal site.\n\nThe module does not sufficiently escape query parameters sent to the callback URL when displaying error messages, particularly if the code parameter is missing in the response.",
  "id": "DRUPAL-CONTRIB-2024-067",
  "modified": "2025-02-20T20:07:11.000Z",
  "published": "2024-12-04T14:40:50.000Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://www.drupal.org/sa-contrib-2024-067"
    }
  ],
  "schema_version": "1.7.0"
}

CVE-2024-13301 (GCVE-0-2024-13301)

Vulnerability from cvelistv5 – Published: 2025-01-09 20:23 – Updated: 2025-01-10 16:15

Title

OAuth & OpenID Connect Single Sign On – SSO (OAuth/OIDC Client) - Critical - Cross Site Scripting - SA-CONTRIB-2024-067

Summary

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal OAuth & OpenID Connect Single Sign On – SSO (OAuth/OIDC Client) allows Cross-Site Scripting (XSS).This issue affects OAuth & OpenID Connect Single Sign On – SSO (OAuth/OIDC Client): from 3.0.0 before 3.44.0, from 4.0.0 before 4.0.19.

Severity ?

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Assigner

drupal

References

URL

Tags

https://www.drupal.org/sa-contrib-2024-067

Impacted products

	Vendor	Product	Version
	Drupal	OAuth & OpenID Connect Single Sign On – SSO (OAuth/OIDC Client)	Affected: 3.0.0 , < 3.44.0 (semver) Affected: 4.0.0 , < 4.0.19 (semver)

Credits

Borut Piletic Borut Piletic singh_ankit Ivo Van Geertruyen Greg Knaddison Damien McKenna

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 6.1,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-13301",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-10T16:14:55.490223Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-10T16:15:41.342Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://www.drupal.org/project/miniorange_oauth_client",
          "defaultStatus": "unaffected",
          "product": "OAuth \u0026 OpenID Connect Single Sign On \u2013 SSO (OAuth/OIDC Client)",
          "repo": "https://git.drupalcode.org/project/miniorange_oauth_client",
          "vendor": "Drupal",
          "versions": [
            {
              "lessThan": "3.44.0",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "4.0.19",
              "status": "affected",
              "version": "4.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Borut Piletic"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Borut Piletic"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "singh_ankit"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Ivo  Van Geertruyen"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "Greg Knaddison"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "Damien McKenna"
        }
      ],
      "datePublic": "2024-12-04T14:40:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Drupal OAuth \u0026amp; OpenID Connect Single Sign On \u2013 SSO (OAuth/OIDC Client) allows Cross-Site Scripting (XSS).\u003cp\u003eThis issue affects OAuth \u0026amp; OpenID Connect Single Sign On \u2013 SSO (OAuth/OIDC Client): from 3.0.0 before 3.44.0, from 4.0.0 before 4.0.19.\u003c/p\u003e"
            }
          ],
          "value": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027) vulnerability in Drupal OAuth \u0026 OpenID Connect Single Sign On \u2013 SSO (OAuth/OIDC Client) allows Cross-Site Scripting (XSS).This issue affects OAuth \u0026 OpenID Connect Single Sign On \u2013 SSO (OAuth/OIDC Client): from 3.0.0 before 3.44.0, from 4.0.0 before 4.0.19."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-63",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-63 Cross-Site Scripting (XSS)"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-09T20:23:31.496Z",
        "orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
        "shortName": "drupal"
      },
      "references": [
        {
          "url": "https://www.drupal.org/sa-contrib-2024-067"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "OAuth \u0026 OpenID Connect Single Sign On \u2013 SSO (OAuth/OIDC Client) - Critical - Cross Site Scripting - SA-CONTRIB-2024-067",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
    "assignerShortName": "drupal",
    "cveId": "CVE-2024-13301",
    "datePublished": "2025-01-09T20:23:31.496Z",
    "dateReserved": "2025-01-09T18:28:37.080Z",
    "dateUpdated": "2025-01-10T16:15:41.342Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

Vulnerability from drupal

CVE-2024-13301 (GCVE-0-2024-13301)

Tags

Sightings

Nomenclature