Lucene search

K
osvGoogleOSV:GHSA-MXR5-MC97-63RC
HistoryAug 30, 2021 - 4:13 p.m.

Account Takeover in Octobercms

2021-08-3016:13:02
Google
osv.dev
20

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.02 Low

EPSS

Percentile

88.7%

Impact

An attacker can request an account password reset and then gain access to the account using a specially crafted request.

  • To exploit this vulnerability, an attacker must know the username of an administrator and have access to the password reset form.

Patches

Workarounds

Apply https://github.com/octobercms/library/commit/016a297b1bec55d2e53bc889458ed2cb5c3e9374 and https://github.com/octobercms/library/commit/5bd1a28140b825baebe6becd4f7562299d3de3b9 to your installation manually if you are unable to upgrade.

[Update 2022-01-20] Shortened patch instructions can be found here.

Recommendations

We recommend the following steps to make sure your server stays secure:

  • Keep server OS and system software up to date.
  • Keep October CMS software up to date.
  • Use a multi-factor authentication plugin.
  • Change the default backend URL or block public access to the backend area.
  • Include the Roave/SecurityAdvisories Composer package to ensure that your application doesn’t have installed dependencies with known security vulnerabilities.

References

Bugs found as part of Solar Security CMS Research. Credits to:
β€’ Andrey Basarygin
β€’ Andrey Guzei
β€’ Mikhail Khramenkov
β€’ Alexander Sidukov
β€’ Maxim Teplykh

For more information

If you have any questions or comments about this advisory:

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.02 Low

EPSS

Percentile

88.7%