CVE-2020-15237 Timing attack in Shrine

2020-10-0518:30:14

CWE-208

CWE-203

GitHub_M

www.cve.org

shrine plugin

timing attack

cve-2020-15237

derivation endpoint vulnerability

rack::utils.secure_compare

upgrade

workaround

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

51.2%

JSON

In Shrine before version 3.3.0, when using the derivation_endpoint plugin, it’s possible for the attacker to use a timing attack to guess the signature of the derivation URL. The problem has been fixed by comparing sent and calculated signature in constant time, using Rack::Utils.secure_compare. Users using the derivation_endpoint plugin are urged to upgrade to Shrine 3.3.0 or greater. A possible workaround is provided in the linked advisory.

CNA Affected

[
  {
    "product": "shrine",
    "vendor": "shrinerb",
    "versions": [
      {
        "status": "affected",
        "version": "< 3.3.0"
      }
    ]
  }
]