admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2020/CVE-2020-262xx/CVE-2020-26236.json
cad-safe-bot 5fc0b01395 Auto-Update: 2024-12-15T03:00:19.262894+00:00
2024-12-15 03:03:56 +00:00

149 lines
6.7 KiB
JSON
Raw Blame History

{
"id": "CVE-2020-26236",
"sourceIdentifier": "security-advisories@github.com",
"published": "2020-11-20T18:15:11.963",
"lastModified": "2024-11-21T05:19:37.070",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In ScratchVerifier before commit a603769, an attacker can hijack the verification process to log into someone else's account on any site that uses ScratchVerifier for logins. A possible exploitation would follow these steps: 1. User starts login process. 2. Attacker attempts login for user, and is given the same verification code. 3. User comments code as part of their normal login. 4. Before user can, attacker completes the login process now that the code is commented. 5. User gets a failed login and attacker now has control of the account. Since commit a603769 starting a login twice will generate different verification codes, causing both user and attacker login to fail. For clients that rely on a clone of ScratchVerifier not hosted by the developers, their users may attempt to finish the login process as soon as possible after commenting the code. There is no reliable way for the attacker to know before the user can finish the process that the user has commented the code, so this vulnerability only really affects those who comment the code and then take several seconds before finishing the login."
},
{
"lang": "es",
"value": "En ScratchVerifier versiones anteriores al commit a603769, un atacante puede secuestrar el proceso de comprobaci\u00f3n para iniciar sesi\u00f3n en la cuenta de otra persona en cualquier sitio que use ScratchVerifier para iniciar sesi\u00f3n. Una posible explotaci\u00f3n seguir\u00eda estos pasos: 1. El usuario comienza el proceso de inicio de sesi\u00f3n. 2. El atacante intenta iniciar sesi\u00f3n por el usuario y recibe el mismo c\u00f3digo de comprobaci\u00f3n . 3. Un c\u00f3digo de comentarios de usuario como parte de su inicio de sesi\u00f3n normal. 4. Antes de que el usuario pueda, el atacante completa el proceso de inicio de sesi\u00f3n ahora que el c\u00f3digo es comentado. 5. El usuario obtiene un inicio de sesi\u00f3n fallido y el atacante ahora presenta el control de la cuenta. Dado que el commit a603769, comienza un inicio de sesi\u00f3n dos veces generar\u00e1 diferentes c\u00f3digos de comprobaci\u00f3n, causando un fallo al inicio de sesi\u00f3n del usuario y del atacante. Para los clientes que dependen de un clon de ScratchVerifier no alojado por los desarrolladores, sus usuarios pueden intentar finalizar el proceso de inicio de sesi\u00f3n lo antes posible despu\u00e9s de comentar el c\u00f3digo. No existe una forma confiable para que el atacante se entere antes que el usuario pueda finalizar el proceso que el usuario ha comentado el c\u00f3digo, por lo que esta vulnerabilidad solo afecta realmente a quienes comentan el c\u00f3digo y luego tardan varios segundos antes de finalizar el inicio de sesi\u00f3n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"baseScore": 5.1,
"accessVector": "NETWORK",
"accessComplexity": "HIGH",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": true
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:scratchverifier:scratchverifier:*:*:*:*:*:*:*:*",
"versionEndExcluding": "a603769",
"matchCriteriaId": "9A0A98C4-97A6-464D-AB69-494E2A332B4F"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/ScratchVerifier/ScratchVerifier/commit/a603769010abf8c1bede91af46e4945314e4aa4a",
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://github.com/ScratchVerifier/ScratchVerifier/security/advisories/GHSA-99cr-hvf7-85g9",
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/ScratchVerifier/ScratchVerifier/commit/a603769010abf8c1bede91af46e4945314e4aa4a",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://github.com/ScratchVerifier/ScratchVerifier/security/advisories/GHSA-99cr-hvf7-85g9",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink