Lucene search

GitHub Advisory DatabaseGHSA-35JJ-VQCF-F2JF

HistoryApr 26, 2023 - 7:45 p.m.

Hidden fields can be leaked on readable collections in Payload

2023-04-2619:45:04

CWE-200

GitHub Advisory Database

github.com

hidden fields

readable collections

payload leakage

brute force

access control

version < 1.7.0

workarounds

beforeoperation hook

detecting compromise

brute-force requests

where queries

software security

CVSS3

7.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS

0.001

Percentile

35.0%

JSON

Details

If a user has access to documents that contain hidden fields or fields they do not have access to, the user could reverse-engineer those values via brute force.

Affected versions: < 1.7.0

Workarounds

If you are unable to update, you can write a beforeOperation hook to remove where queries that attempt to access hidden field data.

Detecting Compromise

Monitor your instance for brute-force style requests against your instance using where queries.

Affected configurations

Vulners

Node

payloadRange<1.7.0

VendorProductVersionCPE
*payload*cpe:2.3:a:*:payload:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
*	payload	*	cpe:2.3:a::payload::::::::*

References

github.com/advisories/GHSA-35jj-vqcf-f2jf

github.com/payloadcms/payload/releases/tag/v1.7.0

github.com/payloadcms/payload/security/advisories/GHSA-35jj-vqcf-f2jf

nvd.nist.gov/vuln/detail/CVE-2023-30843

CVSS3

7.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS

0.001

Percentile

35.0%

JSON

Related for GHSA-35JJ-VQCF-F2JF