CVE-2014-10067 - OpenCVE

paypal-ipn before 3.0.0 uses the `test_ipn` parameter (which is set by the PayPal IPN simulator) to determine if it should use the production PayPal site or the sandbox. With a bit of time, an attacker could craft a request using the simulator that would fool any application which does not explicitly check for test_ipn in production.

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Paypal-ipn Project	Paypal-ipn

Configuration 1 [-]

cpe:2.3:a:paypal-ipn_project:paypal-ipn:*:*:*:*:*:node.js:*:*

References

Link	Resource
https://github.com/andzdroid/paypal-ipn/issues/11	Issue Tracking Third Party Advisory
https://nodesecurity.io/advisories/26	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: hackerone

Published: 2018-04-26T00:00:00

Updated: 2018-05-29T19:57:02

Reserved: 2017-10-29T00:00:00

Link: CVE-2014-10067

JSON object: View

NVD Information

Status : Analyzed

Published: 2018-05-29T20:29:00.220

Modified: 2018-07-09T14:27:20.073

Link: CVE-2014-10067

JSON object: View

Redhat Information

No data.

CWE

CWE-287

{"containers": {"cna": {"affected": [{"product": "paypal-ipn node module", "vendor": "HackerOne", "versions": [{"status": "affected", "version": "<3.0.0"}]}], "datePublic": "2018-04-26T00:00:00", "descriptions": [{"lang": "en", "value": "paypal-ipn before 3.0.0 uses the `test_ipn` parameter (which is set by the PayPal IPN simulator) to determine if it should use the production PayPal site or the sandbox. With a bit of time, an attacker could craft a request using the simulator that would fool any application which does not explicitly check for test_ipn in production."}], "problemTypes": [{"descriptions": [{"description": "Improper Authentication", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-05-29T19:57:02", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/andzdroid/paypal-ipn/issues/11"}, {"tags": ["x_refsource_MISC"], "url": "https://nodesecurity.io/advisories/26"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "support@hackerone.com", "DATE_PUBLIC": "2018-04-26T00:00:00", "ID": "CVE-2014-10067", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "paypal-ipn node module", "version": {"version_data": [{"version_value": "<3.0.0"}]}}]}, "vendor_name": "HackerOne"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "paypal-ipn before 3.0.0 uses the `test_ipn` parameter (which is set by the PayPal IPN simulator) to determine if it should use the production PayPal site or the sandbox. With a bit of time, an attacker could craft a request using the simulator that would fool any application which does not explicitly check for test_ipn in production."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Improper Authentication"}]}]}, "references": {"reference_data": [{"name": "https://github.com/andzdroid/paypal-ipn/issues/11", "refsource": "MISC", "url": "https://github.com/andzdroid/paypal-ipn/issues/11"}, {"name": "https://nodesecurity.io/advisories/26", "refsource": "MISC", "url": "https://nodesecurity.io/advisories/26"}]}}}}, "cveMetadata": {"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2014-10067", "datePublished": "2018-04-26T00:00:00", "dateReserved": "2017-10-29T00:00:00", "dateUpdated": "2018-05-29T19:57:02", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:paypal-ipn_project:paypal-ipn:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "7A017D53-AD44-4031-94EA-9BD990B96739", "versionEndExcluding": "3.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "paypal-ipn before 3.0.0 uses the `test_ipn` parameter (which is set by the PayPal IPN simulator) to determine if it should use the production PayPal site or the sandbox. With a bit of time, an attacker could craft a request using the simulator that would fool any application which does not explicitly check for test_ipn in production."}, {"lang": "es", "value": "paypal-ipn en versiones anteriores a la 3.0.0 emplea el par\u00e1metro \"test_ipn\" (que se establece por medio del simulador PayPal IPN) para determinar si deber\u00eda usar el sitio de PayPal en producci\u00f3n o el sandbox. Con un poco de tiempo, un atacante podr\u00eda manipuflar una petici\u00f3n empleando el simulador que enga\u00f1ar\u00eda a cualquier aplicaci\u00f3n que no comprueba test_ipn expl\u00edcitamente en producci\u00f3n."}], "id": "CVE-2014-10067", "lastModified": "2018-07-09T14:27:20.073", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-05-29T20:29:00.220", "references": [{"source": "support@hackerone.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/andzdroid/paypal-ipn/issues/11"}, {"source": "support@hackerone.com", "tags": ["Third Party Advisory"], "url": "https://nodesecurity.io/advisories/26"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}