CVE-2020-27739 - OpenCVE

A Weak Session Management vulnerability in Citadel WebCit through 926 allows unauthenticated remote attackers to hijack recently logged-in users' sessions. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Citadel	Webcit

Configuration 1 [-]

cpe:2.3:a:citadel:webcit:*:*:*:*:*:*:*:*

References

Link	Resource
http://uncensored.citadel.org/readfwd?go=Citadel%20Security?start_reading_at=4592834	Exploit Vendor Advisory
https://www.citadel.org/	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2020-10-28T18:44:39

Updated: 2020-10-28T18:44:39

Reserved: 2020-10-26T00:00:00

Link: CVE-2020-27739

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-10-28T19:15:13.840

Modified: 2020-11-04T20:22:50.210

Link: CVE-2020-27739

JSON object: View

Redhat Information

No data.

CWE

CWE-613

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "A Weak Session Management vulnerability in Citadel WebCit through 926 allows unauthenticated remote attackers to hijack recently logged-in users' sessions. NOTE: this was reported to the vendor in a publicly archived \"Multiple Security Vulnerabilities in WebCit 926\" thread."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-10-28T18:44:39", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.citadel.org/"}, {"tags": ["x_refsource_MISC"], "url": "http://uncensored.citadel.org/readfwd?go=Citadel%20Security?start_reading_at=4592834"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-27739", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A Weak Session Management vulnerability in Citadel WebCit through 926 allows unauthenticated remote attackers to hijack recently logged-in users' sessions. NOTE: this was reported to the vendor in a publicly archived \"Multiple Security Vulnerabilities in WebCit 926\" thread."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.citadel.org/", "refsource": "MISC", "url": "https://www.citadel.org/"}, {"name": "http://uncensored.citadel.org/readfwd?go=Citadel%20Security?start_reading_at=4592834", "refsource": "MISC", "url": "http://uncensored.citadel.org/readfwd?go=Citadel%20Security?start_reading_at=4592834"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-27739", "datePublished": "2020-10-28T18:44:39", "dateReserved": "2020-10-26T00:00:00", "dateUpdated": "2020-10-28T18:44:39", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:citadel:webcit:*:*:*:*:*:*:*:*", "matchCriteriaId": "A6DCE4B0-8642-4654-BFE5-CB38B74CD1EF", "versionEndIncluding": "926", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A Weak Session Management vulnerability in Citadel WebCit through 926 allows unauthenticated remote attackers to hijack recently logged-in users' sessions. NOTE: this was reported to the vendor in a publicly archived \"Multiple Security Vulnerabilities in WebCit 926\" thread."}, {"lang": "es", "value": "Una vulnerabilidad de Administraci\u00f3n de Sesi\u00f3n D\u00e9bil en Citadel WebCit versiones hasta 926, permite a atacantes remotos no autenticados secuestrar las sesiones de los usuarios que iniciaron sesi\u00f3n recientemente. NOTA: esto se report\u00f3 al proveedor en un hilo o subproceso \"Multiple Security Vulnerabilities in WebCit 926\" archivado p\u00fablicamente"}], "id": "CVE-2020-27739", "lastModified": "2020-11-04T20:22:50.210", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-10-28T19:15:13.840", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://uncensored.citadel.org/readfwd?go=Citadel%20Security?start_reading_at=4592834"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.citadel.org/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-613"}], "source": "nvd@nist.gov", "type": "Primary"}]}