CVE-2021-25966 - OpenCVE

In “Orchard core CMS” application, versions 1.0.0-beta1-3383 to 1.0.0 are vulnerable to an improper session termination after password change. When a password has been changed by the user or by an administrator, a user that was already logged in, will still have access to the application even after the password was changed.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Orchardcore	Orchard Core

Configuration 1 [-]

OR	cpe:2.3:a:orchardcore:orchard_core:1.0.0:-::::::
	cpe:2.3:a:orchardcore:orchard_core:1.0.0:beta1-3383::::::

References

Link	Resource
https://github.com/OrchardCMS/OrchardCore/blob/v1.0.0/src/OrchardCore.Modules/OrchardCore.Users/Controllers/ResetPasswordController.cs#L123	Exploit Third Party Advisory
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25966	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Mend

Published: 2021-10-06T00:00:00

Updated: 2021-10-10T09:45:11

Reserved: 2021-01-22T00:00:00

Link: CVE-2021-25966

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-10-10T10:15:07.270

Modified: 2022-02-25T16:10:26.793

Link: CVE-2021-25966

JSON object: View

Redhat Information

No data.

CWE

CWE-613

{"containers": {"cna": {"affected": [{"product": "Users", "vendor": "OrchardCore", "versions": [{"lessThan": "unspecified", "status": "affected", "version": "1.0.0-beta1-3383", "versionType": "custom"}, {"lessThanOrEqual": "1.0.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2021-10-06T00:00:00", "descriptions": [{"lang": "en", "value": "In \u201cOrchard core CMS\u201d application, versions 1.0.0-beta1-3383 to 1.0.0 are vulnerable to an improper session termination after password change. When a password has been changed by the user or by an administrator, a user that was already logged in, will still have access to the application even after the password was changed."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-613", "description": "CWE-613 Insufficient Session Expiration", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-10-10T09:45:11", "orgId": "478c68dd-22c1-4a41-97cd-654224dfacff", "shortName": "Mend"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25966"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/OrchardCMS/OrchardCore/blob/v1.0.0/src/OrchardCore.Modules/OrchardCore.Users/Controllers/ResetPasswordController.cs#L123"}], "source": {"advisory": "https://www.whitesourcesoftware.com/vulnerability-database/", "discovery": "UNKNOWN"}, "title": "Orchard Core CMS - Improper Session Termination after Password Change", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com", "DATE_PUBLIC": "2021-10-06T09:12:00.000Z", "ID": "CVE-2021-25966", "STATE": "PUBLIC", "TITLE": "Orchard Core CMS - Improper Session Termination after Password Change"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Users", "version": {"version_data": [{"version_affected": ">=", "version_value": "1.0.0-beta1-3383"}, {"version_affected": "<=", "version_value": "1.0.0"}]}}]}, "vendor_name": "OrchardCore"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In \u201cOrchard core CMS\u201d application, versions 1.0.0-beta1-3383 to 1.0.0 are vulnerable to an improper session termination after password change. When a password has been changed by the user or by an administrator, a user that was already logged in, will still have access to the application even after the password was changed."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-613 Insufficient Session Expiration"}]}]}, "references": {"reference_data": [{"name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25966", "refsource": "MISC", "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25966"}, {"name": "https://github.com/OrchardCMS/OrchardCore/blob/v1.0.0/src/OrchardCore.Modules/OrchardCore.Users/Controllers/ResetPasswordController.cs#L123", "refsource": "MISC", "url": "https://github.com/OrchardCMS/OrchardCore/blob/v1.0.0/src/OrchardCore.Modules/OrchardCore.Users/Controllers/ResetPasswordController.cs#L123"}]}, "source": {"advisory": "https://www.whitesourcesoftware.com/vulnerability-database/", "discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "478c68dd-22c1-4a41-97cd-654224dfacff", "assignerShortName": "Mend", "cveId": "CVE-2021-25966", "datePublished": "2021-10-06T00:00:00", "dateReserved": "2021-01-22T00:00:00", "dateUpdated": "2021-10-10T09:45:11", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:orchardcore:orchard_core:1.0.0:-:*:*:*:*:*:*", "matchCriteriaId": "A1F7B011-2638-43CF-BB2E-33EF17591277", "vulnerable": true}, {"criteria": "cpe:2.3:a:orchardcore:orchard_core:1.0.0:beta1-3383:*:*:*:*:*:*", "matchCriteriaId": "5A47A4A7-9FEC-4462-94E0-6FB4C929F173", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In \u201cOrchard core CMS\u201d application, versions 1.0.0-beta1-3383 to 1.0.0 are vulnerable to an improper session termination after password change. When a password has been changed by the user or by an administrator, a user that was already logged in, will still have access to the application even after the password was changed."}, {"lang": "es", "value": "En la aplicaci\u00f3n \"Orchard core CMS\", versiones 1.0.0-beta1-3383 a 1.0.0, son vulnerables a una terminaci\u00f3n de sesi\u00f3n inapropiada tras el cambio de contrase\u00f1a. Cuando una contrase\u00f1a ha sido cambiada por el usuario o por un administrador, un usuario que ya hab\u00eda iniciado sesi\u00f3n, seguir\u00e1 teniendo acceso a la aplicaci\u00f3n incluso despu\u00e9s de haber cambiado la contrase\u00f1a"}], "id": "CVE-2021-25966", "lastModified": "2022-02-25T16:10:26.793", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "vulnerabilitylab@mend.io", "type": "Secondary"}]}, "published": "2021-10-10T10:15:07.270", "references": [{"source": "vulnerabilitylab@mend.io", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/OrchardCMS/OrchardCore/blob/v1.0.0/src/OrchardCore.Modules/OrchardCore.Users/Controllers/ResetPasswordController.cs#L123"}, {"source": "vulnerabilitylab@mend.io", "tags": ["Third Party Advisory"], "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25966"}], "sourceIdentifier": "vulnerabilitylab@mend.io", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-613"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-613"}], "source": "vulnerabilitylab@mend.io", "type": "Secondary"}]}