nvd-json-data-feeds/CVE-2020/CVE-2020-151xx/CVE-2020-15134.json

{
  "id": "CVE-2020-15134",
  "sourceIdentifier": "security-advisories@github.com",
  "published": "2020-07-31T18:15:14.617",
  "lastModified": "2024-11-21T05:04:54.997",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Faye before version 1.4.0, there is a lack of certification validation in TLS handshakes. Faye uses em-http-request and faye-websocket in the Ruby version of its client. Those libraries both use the `EM::Connection#start_tls` method in EventMachine to implement the TLS handshake whenever a `wss:` URL is used for the connection. This method does not implement certificate verification by default, meaning that it does not check that the server presents a valid and trusted TLS certificate for the expected hostname. That means that any `https:` or `wss:` connection made using these libraries is vulnerable to a man-in-the-middle attack, since it does not confirm the identity of the server it is connected to. The first request a Faye client makes is always sent via normal HTTP, but later messages may be sent via WebSocket. Therefore it is vulnerable to the same problem that these underlying libraries are, and we needed both libraries to support TLS verification before Faye could claim to do the same. Your client would still be insecure if its initial HTTPS request was verified, but later WebSocket connections were not. This is fixed in Faye v1.4.0, which enables verification by default. For further background information on this issue, please see the referenced GitHub Advisory."
    },
    {
      "lang": "es",
      "value": "Faye versiones anteriores a 1.4.0, se presenta una falta de comprobaci\u00f3n de certificaci\u00f3n en los protocolos de enlace TLS. Faye usa em-http-request y faye-websocket en la versi\u00f3n de Ruby de su cliente. Ambas bibliotecas usan el m\u00e9todo \"EM::Connection#start_tls\" en EventMachine para implementar el protocolo de enlace TLS cada vez que una URL \"wss:\" es usada para la conexi\u00f3n. Este m\u00e9todo no implementa la verificaci\u00f3n de certificados por defecto, lo que significa que no comprueba que el servidor presenta un certificado TLS v\u00e1lido y confiable para el nombre de host esperado. Eso significa que cualquier conexi\u00f3n \"https:\" o \"wss:\" realizada con estas bibliotecas es vulnerable a un ataque de tipo man-in-the-middle, ya que no confirma la identidad del servidor al que est\u00e1 conectado. La primera petici\u00f3n que hace un cliente de Faye es enviada siempre por medio de HTTP normal, pero los mensajes posteriores pueden ser enviados por medio de WebSocket. Por lo tanto, es vulnerable al mismo problema que estas bibliotecas subyacentes, y necesit\u00e1bamos ambas bibliotecas para admitir la verificaci\u00f3n TLS antes de que Faye pudiera afirmar que hac\u00eda lo mismo. Su cliente todav\u00eda estar\u00eda no seguro si se verificara su petici\u00f3n HTTPS inicial, pero las conexiones WebSocket posteriores no. Esto es corregido en Faye versi\u00f3n v1.4.0, que permite la verificaci\u00f3n por defecto. Para obtener m\u00e1s informaci\u00f3n de fondo sobre este tema, consulte el Aviso de GitHub referenciado"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "security-advisories@github.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
          "baseScore": 8.0,
          "baseSeverity": "HIGH",
          "attackVector": "NETWORK",
          "attackComplexity": "HIGH",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "CHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "NONE"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 5.8
      },
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
          "baseScore": 8.7,
          "baseSeverity": "HIGH",
          "attackVector": "NETWORK",
          "attackComplexity": "HIGH",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "CHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "NONE"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.8
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
          "baseScore": 6.4,
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "NONE"
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 10.0,
        "impactScore": 4.9,
        "acInsufInfo": true,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "security-advisories@github.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-295"
        }
      ]
    },
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-295"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:faye_project:faye:*:*:*:*:*:*:*:*",
              "versionEndExcluding": "1.4.0",
              "matchCriteriaId": "2ABAABF2-4BED-4A50-BC87-A43978ECAF2B"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://blog.jcoglan.com/2020/07/31/missing-tls-verification-in-faye/",
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://github.com/faye/faye/security/advisories/GHSA-3q49-h8f9-9fr9",
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://blog.jcoglan.com/2020/07/31/missing-tls-verification-in-faye/",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://github.com/faye/faye/security/advisories/GHSA-3q49-h8f9-9fr9",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ]
    }
  ]
}