CVE-2023-38505 - OpenCVE

DietPi-Dashboard is a web dashboard for the operating system DietPi. The dashboard only allows for one TLS handshake to be in process at a given moment. Once a TCP connection is established in HTTPS mode, it will assume that it should be waiting for a handshake, and will stay this way indefinitely until a handshake starts or some error occurs. In version 0.6.1, this can be exploited by simply not starting the handshake, preventing any other TLS handshakes from getting through. An attacker can lock the dashboard in a state where it is waiting for a TLS handshake from the attacker, who won't provide it. This prevents any legitimate traffic from getting to the dashboard, and can last indefinitely. Version 0.6.2 has a patch for this issue. As a workaround, do not use HTTPS mode on the open internet where anyone can connect. Instead, put a reverse proxy in front of the dashboard, and have it handle any HTTPS connections.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Dietpi-dashboard Project	Dietpi-dashboard

Configuration 1 [-]

cpe:2.3:a:dietpi-dashboard_project:dietpi-dashboard:0.6.1:*:*:*:*:rust:*:*

References

Link	Resource
https://asciinema.org/a/8nRKbdf7AkPLmP3QxFZUSmPwp?t=7	Exploit
https://github.com/ravenclaw900/DietPi-Dashboard/commit/79cd78615d28f577454415e4baafe4dcd9d09666	Patch
https://github.com/ravenclaw900/DietPi-Dashboard/pull/606	Issue Tracking Patch
https://github.com/ravenclaw900/DietPi-Dashboard/security/advisories/GHSA-3jr4-9rxf-fr44	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-07-27T18:49:29.182Z

Updated: 2023-07-27T18:49:29.182Z

Reserved: 2023-07-18T16:28:12.077Z

Link: CVE-2023-38505

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-07-27T19:15:10.217

Modified: 2023-08-03T13:40:43.150

Link: CVE-2023-38505

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-38505", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-07-18T16:28:12.077Z", "datePublished": "2023-07-27T18:49:29.182Z", "dateUpdated": "2023-07-27T18:49:29.182Z"}, "containers": {"cna": {"title": "DietPi-Dashboard Insufficient TLS Handshake Pool", "problemTypes": [{"descriptions": [{"cweId": "CWE-410", "lang": "en", "description": "CWE-410: Insufficient Resource Pool", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-412", "lang": "en", "description": "CWE-412: Unrestricted Externally Accessible Lock", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/ravenclaw900/DietPi-Dashboard/security/advisories/GHSA-3jr4-9rxf-fr44", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/ravenclaw900/DietPi-Dashboard/security/advisories/GHSA-3jr4-9rxf-fr44"}, {"name": "https://github.com/ravenclaw900/DietPi-Dashboard/pull/606", "tags": ["x_refsource_MISC"], "url": "https://github.com/ravenclaw900/DietPi-Dashboard/pull/606"}, {"name": "https://github.com/ravenclaw900/DietPi-Dashboard/commit/79cd78615d28f577454415e4baafe4dcd9d09666", "tags": ["x_refsource_MISC"], "url": "https://github.com/ravenclaw900/DietPi-Dashboard/commit/79cd78615d28f577454415e4baafe4dcd9d09666"}, {"name": "https://asciinema.org/a/8nRKbdf7AkPLmP3QxFZUSmPwp?t=7", "tags": ["x_refsource_MISC"], "url": "https://asciinema.org/a/8nRKbdf7AkPLmP3QxFZUSmPwp?t=7"}], "affected": [{"vendor": "ravenclaw900", "product": "DietPi-Dashboard", "versions": [{"version": "= 0.6.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-07-27T18:49:29.182Z"}, "descriptions": [{"lang": "en", "value": "DietPi-Dashboard is a web dashboard for the operating system DietPi. The dashboard only allows for one TLS handshake to be in process at a given moment. Once a TCP connection is established in HTTPS mode, it will assume that it should be waiting for a handshake, and will stay this way indefinitely until a handshake starts or some error occurs. In version 0.6.1, this can be exploited by simply not starting the handshake, preventing any other TLS handshakes from getting through. An attacker can lock the dashboard in a state where it is waiting for a TLS handshake from the attacker, who won't provide it. This prevents any legitimate traffic from getting to the dashboard, and can last indefinitely. Version 0.6.2 has a patch for this issue. As a workaround, do not use HTTPS mode on the open internet where anyone can connect. Instead, put a reverse proxy in front of the dashboard, and have it handle any HTTPS connections."}], "source": {"advisory": "GHSA-3jr4-9rxf-fr44", "discovery": "UNKNOWN"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dietpi-dashboard_project:dietpi-dashboard:0.6.1:*:*:*:*:rust:*:*", "matchCriteriaId": "0E995A4E-8371-42BC-9B9C-9ED2DA01F3FA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "DietPi-Dashboard is a web dashboard for the operating system DietPi. The dashboard only allows for one TLS handshake to be in process at a given moment. Once a TCP connection is established in HTTPS mode, it will assume that it should be waiting for a handshake, and will stay this way indefinitely until a handshake starts or some error occurs. In version 0.6.1, this can be exploited by simply not starting the handshake, preventing any other TLS handshakes from getting through. An attacker can lock the dashboard in a state where it is waiting for a TLS handshake from the attacker, who won't provide it. This prevents any legitimate traffic from getting to the dashboard, and can last indefinitely. Version 0.6.2 has a patch for this issue. As a workaround, do not use HTTPS mode on the open internet where anyone can connect. Instead, put a reverse proxy in front of the dashboard, and have it handle any HTTPS connections."}], "id": "CVE-2023-38505", "lastModified": "2023-08-03T13:40:43.150", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-07-27T19:15:10.217", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit"], "url": "https://asciinema.org/a/8nRKbdf7AkPLmP3QxFZUSmPwp?t=7"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/ravenclaw900/DietPi-Dashboard/commit/79cd78615d28f577454415e4baafe4dcd9d09666"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/ravenclaw900/DietPi-Dashboard/pull/606"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/ravenclaw900/DietPi-Dashboard/security/advisories/GHSA-3jr4-9rxf-fr44"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-667"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-410"}, {"lang": "en", "value": "CWE-412"}], "source": "security-advisories@github.com", "type": "Secondary"}]}