CVE-2020-5402 - OpenCVE

In Cloud Foundry UAA, versions prior to 74.14.0, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked in the callback function when authenticating with external identity providers.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Cloudfoundry	Cf-deployment User Account And Authentication

Configuration 1 [-]

OR	cpe:2.3:a:cloudfoundry:cf-deployment::::::::
	cpe:2.3:a:cloudfoundry:user_account_and_authentication::::::::

References

Link	Resource
https://www.cloudfoundry.org/blog/cve-2020-5402	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: pivotal

Published: 2020-02-24T00:00:00

Updated: 2020-02-27T19:30:24

Reserved: 2020-01-03T00:00:00

Link: CVE-2020-5402

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-02-27T20:15:11.577

Modified: 2020-03-03T18:35:03.527

Link: CVE-2020-5402

JSON object: View

Redhat Information

No data.

CWE

CWE-352

{"containers": {"cna": {"affected": [{"product": "UAA", "vendor": "Cloud Foundry", "versions": [{"lessThan": "v74.14.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2020-02-24T00:00:00", "descriptions": [{"lang": "en", "value": "In Cloud Foundry UAA, versions prior to 74.14.0, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked in the callback function when authenticating with external identity providers."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-352", "description": "CWE-352: Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-02-27T19:30:24", "orgId": "862b2186-222f-48b9-af87-f1fb7bb26d03", "shortName": "pivotal"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.cloudfoundry.org/blog/cve-2020-5402"}], "source": {"discovery": "UNKNOWN"}, "title": "UAA fails to check the state parameter when authenticating with external IDPs", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@pivotal.io", "DATE_PUBLIC": "2020-02-24T18:03:36.000Z", "ID": "CVE-2020-5402", "STATE": "PUBLIC", "TITLE": "UAA fails to check the state parameter when authenticating with external IDPs"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "UAA", "version": {"version_data": [{"affected": "<", "version_affected": "<", "version_value": "v74.14.0"}]}}]}, "vendor_name": "Cloud Foundry"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Cloud Foundry UAA, versions prior to 74.14.0, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked in the callback function when authenticating with external identity providers."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-352: Cross-Site Request Forgery (CSRF)"}]}]}, "references": {"reference_data": [{"name": "https://www.cloudfoundry.org/blog/cve-2020-5402", "refsource": "CONFIRM", "url": "https://www.cloudfoundry.org/blog/cve-2020-5402"}]}, "source": {"discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "862b2186-222f-48b9-af87-f1fb7bb26d03", "assignerShortName": "pivotal", "cveId": "CVE-2020-5402", "datePublished": "2020-02-24T00:00:00", "dateReserved": "2020-01-03T00:00:00", "dateUpdated": "2020-02-27T19:30:24", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cloudfoundry:cf-deployment:*:*:*:*:*:*:*:*", "matchCriteriaId": "434D7E36-293E-4E3D-8C01-04F27397ED5C", "versionEndExcluding": "12.33.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cloudfoundry:user_account_and_authentication:*:*:*:*:*:*:*:*", "matchCriteriaId": "C357C23E-B4CA-473B-9F72-77D4A5D22A9C", "versionEndExcluding": "74.14.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Cloud Foundry UAA, versions prior to 74.14.0, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked in the callback function when authenticating with external identity providers."}, {"lang": "es", "value": "En Cloud Foundry UAA, versiones anteriores a 74.14.0, se presenta una vulnerabilidad de tipo CSRF debido a que el par\u00e1metro de estado OAuth2 no es comprado en la funci\u00f3n callback cuando se autentican con proveedores de identidad externa."}], "id": "CVE-2020-5402", "lastModified": "2020-03-03T18:35:03.527", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security@pivotal.io", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-02-27T20:15:11.577", "references": [{"source": "security@pivotal.io", "tags": ["Vendor Advisory"], "url": "https://www.cloudfoundry.org/blog/cve-2020-5402"}], "sourceIdentifier": "security@pivotal.io", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-352"}], "source": "security@pivotal.io", "type": "Secondary"}]}