CVE-2022-35953 - OpenCVE

BookWyrm is a social network for tracking your reading, talking about books, writing reviews, and discovering what to read next. Some links in BookWyrm may be vulnerable to tabnabbing, a form of phishing that gives attackers an opportunity to redirect a user to a malicious site. The issue was patched in version 0.4.5.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Joinbookwyrm	Bookwyrm

Configuration 1 [-]

cpe:2.3:a:joinbookwyrm:bookwyrm:*:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/bookwyrm-social/bookwyrm/security/advisories/GHSA-xq42-mq5w-m24x	Exploit Issue Tracking Third Party Advisory
https://huntr.dev/bounties/67ca22bd-19c6-466b-955a-b1ee2da0c575/	Exploit Issue Tracking Patch Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: GitHub_M

Published: 2022-08-12T20:15:13

Updated: 2022-08-12T20:15:13

Reserved: 2022-07-15T00:00:00

Link: CVE-2022-35953

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-08-12T21:15:08.037

Modified: 2022-08-16T16:08:07.407

Link: CVE-2022-35953

JSON object: View

Redhat Information

No data.

CWE

CWE-601

{"containers": {"cna": {"affected": [{"product": "bookwyrm", "vendor": "bookwyrm-social", "versions": [{"status": "affected", "version": "< 0.4.5"}]}], "descriptions": [{"lang": "en", "value": "BookWyrm is a social network for tracking your reading, talking about books, writing reviews, and discovering what to read next. Some links in BookWyrm may be vulnerable to tabnabbing, a form of phishing that gives attackers an opportunity to redirect a user to a malicious site. The issue was patched in version 0.4.5."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-601", "description": "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-08-12T20:15:13", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/bookwyrm-social/bookwyrm/security/advisories/GHSA-xq42-mq5w-m24x"}, {"tags": ["x_refsource_MISC"], "url": "https://huntr.dev/bounties/67ca22bd-19c6-466b-955a-b1ee2da0c575/"}], "source": {"advisory": "GHSA-xq42-mq5w-m24x", "discovery": "UNKNOWN"}, "title": "URL Redirection to Untrusted Site ('Open Redirect') in bookwyrm", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-35953", "STATE": "PUBLIC", "TITLE": "URL Redirection to Untrusted Site ('Open Redirect') in bookwyrm"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "bookwyrm", "version": {"version_data": [{"version_value": "< 0.4.5"}]}}]}, "vendor_name": "bookwyrm-social"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "BookWyrm is a social network for tracking your reading, talking about books, writing reviews, and discovering what to read next. Some links in BookWyrm may be vulnerable to tabnabbing, a form of phishing that gives attackers an opportunity to redirect a user to a malicious site. The issue was patched in version 0.4.5."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')"}]}]}, "references": {"reference_data": [{"name": "https://github.com/bookwyrm-social/bookwyrm/security/advisories/GHSA-xq42-mq5w-m24x", "refsource": "CONFIRM", "url": "https://github.com/bookwyrm-social/bookwyrm/security/advisories/GHSA-xq42-mq5w-m24x"}, {"name": "https://huntr.dev/bounties/67ca22bd-19c6-466b-955a-b1ee2da0c575/", "refsource": "MISC", "url": "https://huntr.dev/bounties/67ca22bd-19c6-466b-955a-b1ee2da0c575/"}]}, "source": {"advisory": "GHSA-xq42-mq5w-m24x", "discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-35953", "datePublished": "2022-08-12T20:15:13", "dateReserved": "2022-07-15T00:00:00", "dateUpdated": "2022-08-12T20:15:13", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:joinbookwyrm:bookwyrm:*:*:*:*:*:*:*:*", "matchCriteriaId": "D72588D8-BF2B-42A3-8DD6-FE4381B2C502", "versionEndExcluding": "0.4.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "BookWyrm is a social network for tracking your reading, talking about books, writing reviews, and discovering what to read next. Some links in BookWyrm may be vulnerable to tabnabbing, a form of phishing that gives attackers an opportunity to redirect a user to a malicious site. The issue was patched in version 0.4.5."}, {"lang": "es", "value": "BookWyrm es una red social para hacer un seguimiento de tus lecturas, hablar de libros, escribir rese\u00f1as y detectar qu\u00e9 leer a continuaci\u00f3n. Algunos enlaces en BookWyrm pueden ser vulnerables al tabnabbing, una forma de phishing que da a atacantes la oportunidad de redirigir a un usuario a un sitio malicioso. El problema ha sido corregido en versi\u00f3n 0.4.5."}], "id": "CVE-2022-35953", "lastModified": "2022-08-16T16:08:07.407", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.5, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2022-08-12T21:15:08.037", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/bookwyrm-social/bookwyrm/security/advisories/GHSA-xq42-mq5w-m24x"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://huntr.dev/bounties/67ca22bd-19c6-466b-955a-b1ee2da0c575/"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-601"}], "source": "security-advisories@github.com", "type": "Primary"}]}