CVE-2023-49706 - OpenCVE

Defective request context handling in Self Service in LinOTP 3.x before 3.2.5 allows remote unauthenticated attackers to escalate privileges, thereby allowing them to act as and with the permissions of another user. Attackers must generate repeated API requests to trigger a race condition with concurrent user activity in the self-service portal.

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Linotp	Linotp Virtual Appliance

Configuration 1 [-]

cpe:2.3:a:linotp:linotp:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:a:linotp:virtual_appliance:*:*:*:*:*:*:*:*

References

Link	Resource
https://linotp.org/CVE-2023-49706.txt	Vendor Advisory
https://linotp.org/security-update-linotp3-selfservice.html	Vendor Advisory
https://www.linotp.org/news.html	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2023-12-19T00:00:00

Updated: 2023-12-19T18:50:03.676576

Reserved: 2023-11-30T00:00:00

Link: CVE-2023-49706

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-12-19T19:15:07.800

Modified: 2023-12-28T19:56:43.647

Link: CVE-2023-49706

JSON object: View

Redhat Information

No data.

CWE

CWE-362

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:linotp:linotp:*:*:*:*:*:*:*:*", "matchCriteriaId": "DFFA1A9F-16EA-4923-A86A-709DA8A48692", "versionEndIncluding": "3.2.4", "versionStartIncluding": "3.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:linotp:virtual_appliance:*:*:*:*:*:*:*:*", "matchCriteriaId": "DED984BA-D885-4B29-A1F9-92AFE193DAD1", "versionEndIncluding": "3.2.4", "versionStartIncluding": "3.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Defective request context handling in Self Service in LinOTP 3.x before 3.2.5 allows remote unauthenticated attackers to escalate privileges, thereby allowing them to act as and with the permissions of another user. Attackers must generate repeated API requests to trigger a race condition with concurrent user activity in the self-service portal."}, {"lang": "es", "value": "El manejo defectuoso del contexto de solicitud en Self Service en LinOTP 3.x anterior a 3.2.5 permite a atacantes remotos no autenticados escalar privilegios, permiti\u00e9ndoles as\u00ed actuar como y con los permisos de otro usuario. Los atacantes deben generar solicitudes API repetidas para desencadenar una condici\u00f3n de ejecuci\u00f3n con actividad de usuario simult\u00e1nea en el portal de autoservicio."}], "id": "CVE-2023-49706", "lastModified": "2023-12-28T19:56:43.647", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-12-19T19:15:07.800", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://linotp.org/CVE-2023-49706.txt"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://linotp.org/security-update-linotp3-selfservice.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.linotp.org/news.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "nvd@nist.gov", "type": "Primary"}]}