{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2020-15679", "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "dateUpdated": "2022-12-22T00:00:00", "dateReserved": "2020-07-10T00:00:00", "datePublished": "2022-12-22T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla", "dateUpdated": "2022-12-22T00:00:00"}, "descriptions": [{"lang": "en", "value": "An OAuth session fixation vulnerability existed in the VPN login flow, where an attacker could craft a custom login URL, convince a VPN user to login via that URL, and obtain authenticated access as that user. This issue is limited to cases where attacker and victim are sharing the same source IP and could allow the ability to view session states and disconnect VPN sessions. This vulnerability affects Mozilla VPN iOS 1.0.7 < (929), Mozilla VPN Windows < 1.2.2, and Mozilla VPN Android 1.1.0 < (1360)."}], "affected": [{"vendor": "Mozilla", "product": "Mozilla VPN iOS 1.0.7", "versions": [{"version": "unspecified", "lessThan": "(929)", "status": "affected", "versionType": "custom"}]}, {"vendor": "Mozilla", "product": "Mozilla VPN Windows", "versions": [{"version": "unspecified", "lessThan": "1.2.2", "status": "affected", "versionType": "custom"}]}, {"vendor": "Mozilla", "product": "Mozilla VPN Android 1.1.0", "versions": [{"version": "unspecified", "lessThan": "(1360)", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://www.mozilla.org/security/advisories/mfsa2020-48/"}, {"url": "https://github.com/mozilla-services/guardian-vpn-windows/commit/ac6f562973a83f6758cd7ab7aa313e863047d41b"}, {"url": "https://github.com/mozilla-mobile/guardian-vpn-android/commit/981c840276ef3aee98cf5d42993d484ee99b28d9"}, {"url": "https://github.com/mozilla-mobile/guardian-vpn-ios/commit/4309f5c9bd2c15cdfd39ac173665fad3f2598b54"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "OAuth Session Fixation on VPN login"}]}]}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:vpn:*:*:*:*:*:iphone_os:*:*", "matchCriteriaId": "BCE5840F-B8E4-4B91-AF81-123C0E5DC0D7", "versionEndExcluding": "1.0.7_\\(929\\)", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:vpn:*:*:*:*:*:windows:*:*", "matchCriteriaId": "4923D7EA-8A4F-485F-ADB0-C56BBDC420EA", "versionEndExcluding": "1.2.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:vpn:*:*:*:*:*:ipados:*:*", "matchCriteriaId": "CE3CB7D7-49C2-4516-8110-6E5B4FCB450B", "versionEndExcluding": "1.0.7_\\(929\\)", "versionStartIncluding": "1.0.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:vpn:*:*:*:*:*:android:*:*", "matchCriteriaId": "3A2E0580-85D3-4DA0-A6D6-F56B9E60A432", "versionEndExcluding": "1.1.0_\\(1360\\)", "versionStartIncluding": "1.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An OAuth session fixation vulnerability existed in the VPN login flow, where an attacker could craft a custom login URL, convince a VPN user to login via that URL, and obtain authenticated access as that user. This issue is limited to cases where attacker and victim are sharing the same source IP and could allow the ability to view session states and disconnect VPN sessions. This vulnerability affects Mozilla VPN iOS 1.0.7 < (929), Mozilla VPN Windows < 1.2.2, and Mozilla VPN Android 1.1.0 < (1360)."}, {"lang": "es", "value": "Exist\u00eda una vulnerabilidad de reparaci\u00f3n de sesi\u00f3n de OAuth en el flujo de inicio de sesi\u00f3n de VPN, donde un atacante pod\u00eda crear una URL de inicio de sesi\u00f3n personalizada, convencer a un usuario de VPN para que iniciara sesi\u00f3n a trav\u00e9s de esa URL y obtener acceso autenticado como ese usuario. Este problema se limita a los casos en los que el atacante y la v\u00edctima comparten la misma IP de origen y podr\u00eda permitir la posibilidad de ver los estados de las sesiones y desconectar las sesiones de VPN. Esta vulnerabilidad afecta a Mozilla VPN iOS 1.0.7 &lt; (929), Mozilla VPN Windows &lt; 1.2.2 y Mozilla VPN Android 1.1.0 &lt; (1360)."}], "id": "CVE-2020-15679", "lastModified": "2022-12-29T19:16:28.887", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-12-22T20:15:10.730", "references": [{"source": "security@mozilla.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/mozilla-mobile/guardian-vpn-android/commit/981c840276ef3aee98cf5d42993d484ee99b28d9"}, {"source": "security@mozilla.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/mozilla-mobile/guardian-vpn-ios/commit/4309f5c9bd2c15cdfd39ac173665fad3f2598b54"}, {"source": "security@mozilla.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/mozilla-services/guardian-vpn-windows/commit/ac6f562973a83f6758cd7ab7aa313e863047d41b"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-48/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-384"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}