CVE-2022-40724 - OpenCVE

The PingFederate Local Identity Profiles '/pf/idprofile.ping' endpoint is vulnerable to Cross-Site Request Forgery (CSRF) through crafted GET requests.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Pingidentity	Pingfederate

Configuration 1 [-]

OR	cpe:2.3:a:pingidentity:pingfederate::::::::
	cpe:2.3:a:pingidentity:pingfederate::::::::
	cpe:2.3:a:pingidentity:pingfederate::::::::
	cpe:2.3:a:pingidentity:pingfederate::::::::

References

Link	Resource
https://docs.pingidentity.com/r/en-us/pingfederate-110/fll1675188537050	Release Notes

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Ping Identity

Published: 2023-04-25T00:00:00

Updated: 2023-04-25T00:00:00

Reserved: 2022-09-14T00:00:00

Link: CVE-2022-40724

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-04-25T19:15:10.383

Modified: 2023-05-04T19:49:32.557

Link: CVE-2022-40724

JSON object: View

Redhat Information

No data.

CWE

CWE-352

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-40724", "assignerOrgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e", "assignerShortName": "Ping Identity", "dateUpdated": "2023-04-25T00:00:00", "dateReserved": "2022-09-14T00:00:00", "datePublished": "2023-04-25T00:00:00"}, "containers": {"cna": {"title": "Cross-Site Request Forgery on PingFederate Local Identity Profiles Endpoint.", "providerMetadata": {"orgId": "5998a2e9-ae88-42cd-b6e0-7564fd979f9e", "shortName": "Ping Identity", "dateUpdated": "2023-04-25T00:00:00"}, "descriptions": [{"lang": "en", "value": "The PingFederate Local Identity Profiles '/pf/idprofile.ping' endpoint is vulnerable to Cross-Site Request Forgery (CSRF) through crafted GET requests."}], "affected": [{"vendor": "Ping Identity", "product": "PingFederate", "versions": [{"version": "10.3.0", "status": "affected", "lessThan": "10.3.0*", "versionType": "custom"}, {"version": "10.3.11", "status": "affected", "lessThanOrEqual": "10.3.11", "versionType": "custom"}, {"version": "11.0.0", "status": "affected", "lessThan": "11.0.0*", "versionType": "custom"}, {"version": "11.0.6", "status": "affected", "lessThanOrEqual": "11.0.6", "versionType": "custom"}, {"version": "11.1.0", "status": "affected", "lessThan": "11.1.0*", "versionType": "custom"}, {"version": "11.1.5", "status": "affected", "lessThanOrEqual": "11.1.5", "versionType": "custom"}, {"version": "11.2.0", "status": "affected", "lessThan": "11.2.0*", "versionType": "custom"}, {"version": "11.2.2", "status": "affected", "lessThanOrEqual": "11.2.2", "versionType": "custom"}]}], "references": [{"url": "https://docs.pingidentity.com/r/en-us/pingfederate-110/fll1675188537050"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H/E:H/RL:U/RC:C", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "HIGH", "exploitCodeMaturity": "HIGH", "remediationLevel": "UNAVAILABLE", "reportConfidence": "CONFIRMED", "baseScore": 6.4, "temporalScore": 6.4, "baseSeverity": "MEDIUM", "temporalSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-352 Cross-Site Request Forgery", "cweId": "CWE-352"}]}], "source": {"advisory": "SECADV033", "defect": ["PF-32805"], "discovery": "INTERNAL"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pingidentity:pingfederate:*:*:*:*:*:*:*:*", "matchCriteriaId": "D71A00D1-7F03-41CD-A62F-267D8EA85696", "versionEndIncluding": "10.3.11", "versionStartIncluding": "10.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:pingidentity:pingfederate:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E06480B-D92B-42C1-8A57-90E5F9229E15", "versionEndIncluding": "11.0.6", "versionStartIncluding": "11.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:pingidentity:pingfederate:*:*:*:*:*:*:*:*", "matchCriteriaId": "4F085AB7-29E3-4CC6-88C6-49EF87B1E7E9", "versionEndIncluding": "11.1.5", "versionStartIncluding": "11.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:pingidentity:pingfederate:*:*:*:*:*:*:*:*", "matchCriteriaId": "2F76BB82-2AE0-4330-84E7-BBFFABF030C0", "versionEndIncluding": "11.2.2", "versionStartIncluding": "11.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The PingFederate Local Identity Profiles '/pf/idprofile.ping' endpoint is vulnerable to Cross-Site Request Forgery (CSRF) through crafted GET requests."}], "id": "CVE-2022-40724", "lastModified": "2023-05-04T19:49:32.557", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 4.7, "source": "responsible-disclosure@pingidentity.com", "type": "Secondary"}]}, "published": "2023-04-25T19:15:10.383", "references": [{"source": "responsible-disclosure@pingidentity.com", "tags": ["Release Notes"], "url": "https://docs.pingidentity.com/r/en-us/pingfederate-110/fll1675188537050"}], "sourceIdentifier": "responsible-disclosure@pingidentity.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-352"}], "source": "responsible-disclosure@pingidentity.com", "type": "Secondary"}]}