Lucene search

[email protected]CVE-2021-31408

HistoryApr 23, 2021 - 5:15 p.m.

CVE-2021-31408

2021-04-2317:15:08

CWE-613

[email protected]

web.nvd.nist.gov

cve-2021-31408

authentication

logout()

com.vaadin

flow-client

fusion endpoints

vaadin 18

vaadin 19.

3.3 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:P/A:N

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.1%

JSON

Authentication.logout() helper in com.vaadin:flow-client versions 5.0.0 prior to 6.0.0 (Vaadin 18), and 6.0.0 through 6.0.4 (Vaadin 19.0.0 through 19.0.3) uses incorrect HTTP method, which, in combination with Spring Security CSRF protection, allows local attackers to access Fusion endpoints after the user attempted to log out.

Affected configurations

NVD

Node

vaadinflowRange5.0.0–6.0.0

vaadinflowRange6.0.0–6.0.5

vaadinvaadinRange19.0.0–19.0.4

vaadinvaadinMatch18.0.0-

CPENameOperatorVersion
vaadin:flowvaadin flowlt6.0.0
vaadin:flowvaadin flowlt6.0.5
vaadin:vaadinvaadinlt19.0.4
vaadin:vaadinvaadineq18.0.0

CPE	Name	Operator	Version
vaadin:flow	vaadin flow	lt	6.0.0
vaadin:flow	vaadin flow	lt	6.0.5
vaadin:vaadin	vaadin	lt	19.0.4
vaadin:vaadin	vaadin	eq	18.0.0

CNA Affected

[
  {
    "product": "Vaadin",
    "vendor": "Vaadin",
    "versions": [
      {
        "changes": [
          {
            "at": "19.0.0",
            "status": "unaffected"
          },
          {
            "at": "19.0.0",
            "status": "affected"
          }
        ],
        "lessThan": "*",
        "status": "affected",
        "version": "18.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "flow-client",
    "vendor": "Vaadin",
    "versions": [
      {
        "changes": [
          {
            "at": "6.0.0",
            "status": "unaffected"
          },
          {
            "at": "6.0.0",
            "status": "affected"
          }
        ],
        "lessThan": "*",
        "status": "affected",
        "version": "5.0.0",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/vaadin/flow/pull/10577

vaadin.com/security/cve-2021-31408

Social References

3.3 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:P/A:N

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.1%

JSON

Related for CVE-2021-31408

osv3 nvd1 vaadin1 prion1 veracode1 github2 cvelist1