CVE-2018-1127 - OpenCVE

Tendrl API in Red Hat Gluster Storage before 3.4.0 does not immediately remove session tokens after a user logs out. Session tokens remain active for a few minutes allowing attackers to replay tokens acquired via sniffing/MITM attacks and authenticate as the target user.

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Redhat	Gluster Storage

Configuration 1 [-]

cpe:2.3:a:redhat:gluster_storage:*:*:*:*:*:*:*:*

References

Link	Resource
http://www.securitytracker.com/id/1041597	Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2018:2616	Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1127	Issue Tracking Patch Vendor Advisory
https://github.com/Tendrl/api/pull/422	Patch Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2018-09-11T15:00:00

Updated: 2018-09-12T09:57:01

Reserved: 2017-12-04T00:00:00

Link: CVE-2018-1127

JSON object: View

NVD Information

Status : Modified

Published: 2018-09-11T15:29:00.593

Modified: 2019-10-09T23:38:10.177

Link: CVE-2018-1127

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "Red Hat Gluster Storage", "vendor": "Red Hat", "versions": [{"status": "affected", "version": "3.4.0"}]}], "datePublic": "2018-05-08T00:00:00", "descriptions": [{"lang": "en", "value": "Tendrl API in Red Hat Gluster Storage before 3.4.0 does not immediately remove session tokens after a user logs out. Session tokens remain active for a few minutes allowing attackers to replay tokens acquired via sniffing/MITM attacks and authenticate as the target user."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-613", "description": "CWE-613", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-09-12T09:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "RHSA-2018:2616", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:2616"}, {"name": "1041597", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1041597"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/Tendrl/api/pull/422"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1127"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2018-1127", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Red Hat Gluster Storage", "version": {"version_data": [{"version_value": "3.4.0"}]}}]}, "vendor_name": "Red Hat"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Tendrl API in Red Hat Gluster Storage before 3.4.0 does not immediately remove session tokens after a user logs out. Session tokens remain active for a few minutes allowing attackers to replay tokens acquired via sniffing/MITM attacks and authenticate as the target user."}]}, "impact": {"cvss": [[{"vectorString": "4.2/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.0"}]]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-613"}]}]}, "references": {"reference_data": [{"name": "RHSA-2018:2616", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2616"}, {"name": "1041597", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041597"}, {"name": "https://github.com/Tendrl/api/pull/422", "refsource": "CONFIRM", "url": "https://github.com/Tendrl/api/pull/422"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1127", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1127"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2018-1127", "datePublished": "2018-09-11T15:00:00", "dateReserved": "2017-12-04T00:00:00", "dateUpdated": "2018-09-12T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:gluster_storage:*:*:*:*:*:*:*:*", "matchCriteriaId": "E591E3BF-E10E-4502-9E50-58316A6588C3", "versionEndExcluding": "3.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Tendrl API in Red Hat Gluster Storage before 3.4.0 does not immediately remove session tokens after a user logs out. Session tokens remain active for a few minutes allowing attackers to replay tokens acquired via sniffing/MITM attacks and authenticate as the target user."}, {"lang": "es", "value": "Tendrl API en Red Hat Gluster Storage en versiones anteriores a la 3.4.0 no elimina inmediatamente los tokens de sesi\u00f3n una vez el usuario ha cerrado sesi\u00f3n. Los tokens de sesi\u00f3n siguen activos durante unos pocos minutos, lo que permite que los atacantes reproduzcan los tokens adquiridos mediante ataques de rastreo o Man-in-the-Middle (MitM) y autentic\u00e1ndose como el usuario objetivo."}], "id": "CVE-2018-1127", "lastModified": "2019-10-09T23:38:10.177", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 1.6, "impactScore": 2.5, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2018-09-11T15:29:00.593", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1041597"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:2616"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1127"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/Tendrl/api/pull/422"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-384"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-613"}], "source": "secalert@redhat.com", "type": "Secondary"}]}