From 8211bf56cf6501faef9c0af6daf9a54046ae52b9 Mon Sep 17 00:00:00 2001 From: snyk-security-bot <66014823+snyk-security-bot@users.noreply.github.com> Date: Mon, 25 Jul 2022 15:05:39 +0100 Subject: [PATCH] Adds CVE-2021-23385 --- 2021/23xxx/CVE-2021-23385.json | 84 ++++++++++++++++++++++++++++++++-- 1 file changed, 80 insertions(+), 4 deletions(-) diff --git a/2021/23xxx/CVE-2021-23385.json b/2021/23xxx/CVE-2021-23385.json index 0b60bc07b4f..b9bc5ecdc1a 100644 --- a/2021/23xxx/CVE-2021-23385.json +++ b/2021/23xxx/CVE-2021-23385.json @@ -3,16 +3,92 @@ "data_format": "MITRE", "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "report@snyk.io", + "DATE_PUBLIC": "2022-07-25T14:05:38.280549Z", "ID": "CVE-2021-23385", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Open Redirect" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Flask-Security", + "version": { + "version_data": [ + { + "version_affected": ">=", + "version_value": "0" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Open Redirect" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://security.snyk.io/vuln/SNYK-PYTHON-FLASKSECURITY-1293234" + }, + { + "refsource": "CONFIRM", + "url": "https://github.com/mattupstate/flask-security" + }, + { + "refsource": "CONFIRM", + "url": "https://snyk.io/blog/url-confusion-vulnerabilities/" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "This affects all versions of package Flask-Security.\n When using the get_post_logout_redirect and get_post_login_redirect functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\\\\\evil.com/path.\r\n\r\nThis vulnerability is only exploitable if an alternative WSGI server other than Werkzeug is used, or the default behaviour of Werkzeug is modified using 'autocorrect_location_header=False.\r\n\r\n**Note:** Flask-Security is not maintained anymore.\n" } ] - } + }, + "impact": { + "cvss": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:U/RC:C", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + } + }, + "credit": [ + { + "lang": "eng", + "value": "Noam Moshe of Claroty" + } + ] } \ No newline at end of file