CVE-2021-23435 - OpenCVE

This affects the package clearance before 2.5.0. The vulnerability can be possible when users are able to set the value of session[:return_to]. If the value used for return_to contains multiple leading slashes (/////example.com) the user ends up being redirected to the external domain that comes after the slashes (http://example.com).

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Thoughtbot	Clearance

Configuration 1 [-]

cpe:2.3:a:thoughtbot:clearance:*:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/thoughtbot/clearance/pull/945	Patch Third Party Advisory
https://snyk.io/vuln/SNYK-RUBY-CLEARANCE-1577284	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: snyk

Published: 2021-09-12T00:00:00

Updated: 2021-09-12T20:05:10

Reserved: 2021-01-08T00:00:00

Link: CVE-2021-23435

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-09-12T20:15:07.443

Modified: 2021-09-23T17:33:28.967

Link: CVE-2021-23435

JSON object: View

Redhat Information

No data.

CWE

CWE-601

{"containers": {"cna": {"affected": [{"product": "clearance", "vendor": "n/a", "versions": [{"lessThan": "2.5.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Snyk Security Team"}], "datePublic": "2021-09-12T00:00:00", "descriptions": [{"lang": "en", "value": "This affects the package clearance before 2.5.0. The vulnerability can be possible when users are able to set the value of session[:return_to]. If the value used for return_to contains multiple leading slashes (/////example.com) the user ends up being redirected to the external domain that comes after the slashes (http://example.com)."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "Open Redirect", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-09-12T20:05:10", "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "shortName": "snyk"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://snyk.io/vuln/SNYK-RUBY-CLEARANCE-1577284"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/thoughtbot/clearance/pull/945"}], "title": "Open Redirect", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "report@snyk.io", "DATE_PUBLIC": "2021-09-12T20:00:23.031648Z", "ID": "CVE-2021-23435", "STATE": "PUBLIC", "TITLE": "Open Redirect"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "clearance", "version": {"version_data": [{"version_affected": "<", "version_value": "2.5.0"}]}}]}, "vendor_name": "n/a"}]}}, "credit": [{"lang": "eng", "value": "Snyk Security Team"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "This affects the package clearance before 2.5.0. The vulnerability can be possible when users are able to set the value of session[:return_to]. If the value used for return_to contains multiple leading slashes (/////example.com) the user ends up being redirected to the external domain that comes after the slashes (http://example.com)."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Open Redirect"}]}]}, "references": {"reference_data": [{"name": "https://snyk.io/vuln/SNYK-RUBY-CLEARANCE-1577284", "refsource": "MISC", "url": "https://snyk.io/vuln/SNYK-RUBY-CLEARANCE-1577284"}, {"name": "https://github.com/thoughtbot/clearance/pull/945", "refsource": "MISC", "url": "https://github.com/thoughtbot/clearance/pull/945"}]}}}}, "cveMetadata": {"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "assignerShortName": "snyk", "cveId": "CVE-2021-23435", "datePublished": "2021-09-12T00:00:00", "dateReserved": "2021-01-08T00:00:00", "dateUpdated": "2021-09-12T20:05:10", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:thoughtbot:clearance:*:*:*:*:*:*:*:*", "matchCriteriaId": "DA5DD45E-7578-4DD7-9105-F2CBC8A35649", "versionEndExcluding": "2.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "This affects the package clearance before 2.5.0. The vulnerability can be possible when users are able to set the value of session[:return_to]. If the value used for return_to contains multiple leading slashes (/////example.com) the user ends up being redirected to the external domain that comes after the slashes (http://example.com)."}, {"lang": "es", "value": "Esto afecta al paquete clearance versiones anteriores a 2.5.0. La vulnerabilidad puede ser posible cuando los usuarios son capaces de establecer el valor de session[:return_to]. Si el valor usado para return_to contiene m\u00faltiples barras inclinadas (/////example.com) el usuario acaba siendo redirigido al dominio externo que viene despu\u00e9s de las barras (http://example.com)"}], "id": "CVE-2021-23435", "lastModified": "2021-09-23T17:33:28.967", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.7, "source": "report@snyk.io", "type": "Secondary"}]}, "published": "2021-09-12T20:15:07.443", "references": [{"source": "report@snyk.io", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/thoughtbot/clearance/pull/945"}, {"source": "report@snyk.io", "tags": ["Third Party Advisory"], "url": "https://snyk.io/vuln/SNYK-RUBY-CLEARANCE-1577284"}], "sourceIdentifier": "report@snyk.io", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-601"}], "source": "nvd@nist.gov", "type": "Primary"}]}