nvd-json-data-feeds/CVE-2024/CVE-2024-525xx/CVE-2024-52598.json

{
  "id": "CVE-2024-52598",
  "sourceIdentifier": "security-advisories@github.com",
  "published": "2024-11-20T15:15:11.667",
  "lastModified": "2024-11-21T13:57:24.187",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "2FAuth is a web app to manage Two-Factor Authentication (2FA) accounts and generate their security codes. Two interconnected vulnerabilities exist in version 5.4.1 a SSRF and URI validation bypass issue. The endpoint at POST /api/v1/twofaccounts/preview allows setting a remote URI to retrieve the image of a 2fa site. By abusing this functionality, it is possible to force the application to make a GET request to an arbitrary URL, whose content will be stored in an image file in the server if it looks like an image. Additionally, the library does some basic validation on the URI, attempting to filter our URIs which do not have an image extension. However, this can be easily bypassed by appending the string `#.svg` to the URI. The combination of these two issues allows an attacker to retrieve URIs accessible from the application, as long as their content type is text based. If not, the request is still sent, but the response is not reflected to the attacker. Version 5.4.1 fixes the issues."
    },
    {
      "lang": "es",
      "value": "2FAuth es una aplicaci\u00f3n web para administrar cuentas de autenticaci\u00f3n de dos factores (2FA) y generar sus c\u00f3digos de seguridad. Existen dos vulnerabilidades interconectadas en la versi\u00f3n 5.4.1: un problema de omisi\u00f3n de validaci\u00f3n de SSRF y URI. El endpoint en POST /api/v1/twofaccounts/preview permite configurar una URI remota para recuperar la imagen de un sitio 2fa. Al abusar de esta funcionalidad, es posible forzar a la aplicaci\u00f3n a realizar una solicitud GET a una URL arbitraria, cuyo contenido se almacenar\u00e1 en un archivo de imagen en el servidor si parece una imagen. Adem\u00e1s, la biblioteca realiza una validaci\u00f3n b\u00e1sica en la URI, intentando filtrar nuestras URI que no tienen una extensi\u00f3n de imagen. Sin embargo, esto se puede omitir f\u00e1cilmente agregando la cadena `#.svg` a la URI. La combinaci\u00f3n de estos dos problemas permite a un atacante recuperar URI accesibles desde la aplicaci\u00f3n, siempre que su tipo de contenido est\u00e9 basado en texto. Si no, la solicitud se env\u00eda de todos modos, pero la respuesta no se refleja al atacante. La versi\u00f3n 5.4.1 corrige los problemas."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "security-advisories@github.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6
      }
    ]
  },
  "weaknesses": [
    {
      "source": "security-advisories@github.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        },
        {
          "lang": "en",
          "value": "CWE-80"
        },
        {
          "lang": "en",
          "value": "CWE-918"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://github.com/Bubka/2FAuth/security/advisories/GHSA-xwxc-w7v3-2p4j",
      "source": "security-advisories@github.com"
    }
  ]
}