CVE-2021-31597 - OpenCVE

The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized (when the property exists but is undefined) is considered to be false within the https.request function of Node.js. In other words, no certificate is ever rejected.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact Low

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Xmlhttprequest-ssl Project	Xmlhttprequest-ssl

Configuration 1 [-]

cpe:2.3:a:xmlhttprequest-ssl_project:xmlhttprequest-ssl:*:*:*:*:*:node.js:*:*

References

Link	Resource
https://github.com/mjwwit/node-XMLHttpRequest/commit/bf53329b61ca6afc5d28f6b8d2dc2e3ca740a9b2	Patch Third Party Advisory
https://github.com/mjwwit/node-XMLHttpRequest/compare/v1.6.0...1.6.1	Patch Release Notes Third Party Advisory
https://people.kingsds.network/wesgarland/xmlhttprequest-ssl-vuln.txt	Exploit Third Party Advisory
https://security.netapp.com/advisory/ntap-20210618-0004/	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2021-04-22T23:52:48

Updated: 2021-06-18T09:06:12

Reserved: 2021-04-22T00:00:00

Link: CVE-2021-31597

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-04-23T00:15:08.283

Modified: 2021-12-08T20:27:09.257

Link: CVE-2021-31597

JSON object: View

Redhat Information

No data.

CWE

CWE-295

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized (when the property exists but is undefined) is considered to be false within the https.request function of Node.js. In other words, no certificate is ever rejected."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-06-18T09:06:12", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://people.kingsds.network/wesgarland/xmlhttprequest-ssl-vuln.txt"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/mjwwit/node-XMLHttpRequest/compare/v1.6.0...1.6.1"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/mjwwit/node-XMLHttpRequest/commit/bf53329b61ca6afc5d28f6b8d2dc2e3ca740a9b2"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20210618-0004/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-31597", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized (when the property exists but is undefined) is considered to be false within the https.request function of Node.js. In other words, no certificate is ever rejected."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://people.kingsds.network/wesgarland/xmlhttprequest-ssl-vuln.txt", "refsource": "MISC", "url": "https://people.kingsds.network/wesgarland/xmlhttprequest-ssl-vuln.txt"}, {"name": "https://github.com/mjwwit/node-XMLHttpRequest/compare/v1.6.0...1.6.1", "refsource": "MISC", "url": "https://github.com/mjwwit/node-XMLHttpRequest/compare/v1.6.0...1.6.1"}, {"name": "https://github.com/mjwwit/node-XMLHttpRequest/commit/bf53329b61ca6afc5d28f6b8d2dc2e3ca740a9b2", "refsource": "MISC", "url": "https://github.com/mjwwit/node-XMLHttpRequest/commit/bf53329b61ca6afc5d28f6b8d2dc2e3ca740a9b2"}, {"name": "https://security.netapp.com/advisory/ntap-20210618-0004/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210618-0004/"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-31597", "datePublished": "2021-04-22T23:52:48", "dateReserved": "2021-04-22T00:00:00", "dateUpdated": "2021-06-18T09:06:12", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xmlhttprequest-ssl_project:xmlhttprequest-ssl:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "FBCD5604-E3C3-47BE-B429-6AAB717E7DB8", "versionEndExcluding": "1.6.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized (when the property exists but is undefined) is considered to be false within the https.request function of Node.js. In other words, no certificate is ever rejected."}, {"lang": "es", "value": "El paquete xmlhttprequest-ssl versiones anteriores a 1.6.1 para Node.js deshabilita la comprobaci\u00f3n del certificado SSL por defecto, porque acceptUnauthorized (cuando la propiedad existe pero no est\u00e1 definida) se considera falso dentro de la funci\u00f3n https.request de Node.js. En otras palabras, nunca se rechaza ning\u00fan certificado"}], "id": "CVE-2021-31597", "lastModified": "2021-12-08T20:27:09.257", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.4, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-04-23T00:15:08.283", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/mjwwit/node-XMLHttpRequest/commit/bf53329b61ca6afc5d28f6b8d2dc2e3ca740a9b2"}, {"source": "cve@mitre.org", "tags": ["Patch", "Release Notes", "Third Party Advisory"], "url": "https://github.com/mjwwit/node-XMLHttpRequest/compare/v1.6.0...1.6.1"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://people.kingsds.network/wesgarland/xmlhttprequest-ssl-vuln.txt"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20210618-0004/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "nvd@nist.gov", "type": "Primary"}]}