CVE-2018-20422 - OpenCVE

Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass authentication by leveraging a non-empty #wechat#common_member_wechatmp to gain login access to an account via a plugin.php ac=wxregister request (the attacker does not have control over which account will be accessed).

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Comsenz	Discuzx

Configuration 1 [-]

cpe:2.3:a:comsenz:discuzx:x3.4:*:*:*:*:*:*:*

References

Link	Resource
https://gitee.com/ComsenzDiscuz/DiscuzX/issues/IPRUI	Issue Tracking Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2018-12-24T04:00:00

Updated: 2018-12-24T04:57:01

Reserved: 2018-12-23T00:00:00

Link: CVE-2018-20422

JSON object: View

NVD Information

Status : Analyzed

Published: 2018-12-24T04:29:00.307

Modified: 2019-10-03T00:03:26.223

Link: CVE-2018-20422

JSON object: View

Redhat Information

No data.

CWE

CWE-287

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:comsenz:discuzx:x3.4:*:*:*:*:*:*:*", "matchCriteriaId": "687A3172-913F-45AE-971E-04E176578B03", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass authentication by leveraging a non-empty #wechat#common_member_wechatmp to gain login access to an account via a plugin.php ac=wxregister request (the attacker does not have control over which account will be accessed)."}, {"lang": "es", "value": "Discuz! DiscuzX 3.4, cuando el inicio de sesi\u00f3n en WeChat est\u00e1 habilitado, permite que atacantes remotos omitan la autenticaci\u00f3n aprovechando un #wechat#common_member_wechatmp sin vaciar para obtener acceso de inicio de sesi\u00f3n a una cuenta mediante una petici\u00f3n ac=wxregister en plugin.php (el atacante no controla a qu\u00e9 cuenta se acceder\u00e1)."}], "id": "CVE-2018-20422", "lastModified": "2019-10-03T00:03:26.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-12-24T04:29:00.307", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking", "Exploit", "Third Party Advisory"], "url": "https://gitee.com/ComsenzDiscuz/DiscuzX/issues/IPRUI"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}