OSV:GHSA-VQ59-5X26-H639

Authorization Bypass Through User-Controlled Key play-with-docker

Published: 2023-03-17 14:43:12
Source: Google, osv.dev
Tags: authorization bypass, user-controlled key, play-with-docker.com, cors, http request, response header, user information, patch, upgrade

CVSS3: 6.5 Medium
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

EPSS: 0.002 Low (Percentile: 56.4%)

Impact
Because the CORS configuration was incorrect, the Origin header of an HTTP request was echoed back in the response header without being properly validated. Using play-with-docker.com as an example, a request with the Origin header set to evil-play-with-docker.com gets that value reflected in the response header, which bypasses the CORS policy and lets the attacker's origin retrieve basic user information.
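The following Go snippet is an added illustration of the bug class and its fix; it is not play-with-docker's code and the advisory shows no code. It assumes the weak check was a suffix match on the site name (consistent with the advisory's example, but an assumption), and places it beside an exact-match allowlist that withholds the header for the attacker-controlled origin:

```go
package main

import (
	"net/http"
	"strings"
)

// Weak check, assumed here to illustrate the bug class (the advisory does not
// show play-with-docker's code): any Origin ending in the site name passes,
// so "https://evil-play-with-docker.com" is accepted and reflected.
func weakOriginAllowed(origin string) bool {
	return strings.HasSuffix(origin, "play-with-docker.com")
}

// Hardened check: exact match against an explicit allowlist of full origins
// (scheme + host); no substring, prefix or suffix logic.
var allowedOrigins = map[string]bool{
	"https://play-with-docker.com": true,
}

func strictOriginAllowed(origin string) bool {
	return allowedOrigins[origin]
}

// acaoFor decides the Access-Control-Allow-Origin value for a request Origin
// under a given check. "" means the header is withheld, so the browser blocks
// the cross-origin read of the response body.
func acaoFor(allowed func(string) bool, origin string) string {
	if origin == "" || !allowed(origin) {
		return ""
	}
	return origin
}

// corsMiddleware applies acaoFor to live requests and always sets Vary: Origin
// so a shared cache never serves one origin's header to another.
func corsMiddleware(allowed func(string) bool, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Add("Vary", "Origin")
		if acao := acaoFor(allowed, r.Header.Get("Origin")); acao != "" {
			w.Header().Set("Access-Control-Allow-Origin", acao)
			w.Header().Set("Access-Control-Allow-Credentials", "true")
		}
		next.ServeHTTP(w, r)
	})
}

func main() { // stand-alone demo: serve with the hardened check
	http.ListenAndServe(":8080", corsMiddleware(strictOriginAllowed, http.NotFoundHandler()))
}
```

Whichever check is used, never pair a reflected origin with a wildcard or a missing Vary header; the allowlist is what turns the reflection into a safe one.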

Patches
This has been fixed in the latest version; please upgrade to the latest version.

Workarounds
None; users have to upgrade to the fixed version.
