From b16bc694cd611af81a6aad23afbd4fb672ccc1d7 Mon Sep 17 00:00:00 2001 From: Steven Locke Date: Fri, 17 Jan 2020 10:40:32 -0800 Subject: [PATCH] Add CVE-2020-5397 Signed-off-by: Tim Hausler --- 2020/5xxx/CVE-2020-5397.json | 73 ++++++++++++++++++++++++++++++++++-- 1 file changed, 70 insertions(+), 3 deletions(-) diff --git a/2020/5xxx/CVE-2020-5397.json b/2020/5xxx/CVE-2020-5397.json index d405d79102c..e17a9ca855d 100644 --- a/2020/5xxx/CVE-2020-5397.json +++ b/2020/5xxx/CVE-2020-5397.json @@ -3,16 +3,83 @@ "data_format": "MITRE", "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@pivotal.io", + "DATE_PUBLIC": "2020-01-16T00:00:00.000Z", "ID": "CVE-2020-5397", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "CSRF Attack via CORS Preflight Requests with Spring MVC or Spring WebFlux" + }, + "source": { + "discovery": "UNKNOWN" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Spring Framework", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "5.2", + "version_value": "v5.2.3.RELEASE" + } + ] + } + } + ] + }, + "vendor_name": "Spring" + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints.\n\nOnly non-authenticated endpoints are vulnerable because preflight requests should not include credentials and therefore requests should fail authentication. However a notable exception to this are Chrome based browsers when using client certificates for authentication since Chrome sends TLS client certificates in CORS preflight requests in violation of spec requirements. \n\nNo HTTP body can be sent or received as a result of this attack." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352: Cross-Site Request Forgery (CSRF)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://pivotal.io/security/cve-2020-5397", + "name": "https://pivotal.io/security/cve-2020-5397" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "version": "3.0" + } } } \ No newline at end of file