CVE-2020-15223

In ORY Fosite (the security first OAuth2 & OpenID Connect framework for Go) before version 0.34.0, the `TokenRevocationHandler` ignores errors coming from the storage. This can lead to unexpected 200 status codes indicating successful revocation while the token is still valid. Whether an attacker can use this for her advantage depends on the ability to trigger errors in the store. This is fixed in version 0.34.0

CVSS v3 8.0 HIGH
CVSS v2.0 4.0 MEDIUM

8.0^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.6 / Impact : 5.8

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope CHANGED

4.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:H/Au:N/C:P/I:P/A:N

Exploitability : 4.9 / Impact : 4.9

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://github.com/ory/fosite/commit/03dd55813f5521985f7dd64277b7ba0cf1441319	Patch Third Party Advisory
https://github.com/ory/fosite/security/advisories/GHSA-7mqr-2v3q-v2wm	Third Party Advisory
https://tools.ietf.org/html/rfc7009#section-2.2.1	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:ory:fosite:*:*:*:*:*:*:*:*

History

21 Oct 2022, 18:09

Type	Values Removed	Values Added
CWE	~~CWE-755~~	CWE-754

Information

Published : 2020-09-24 17:15

Updated : 2023-12-10 13:41

NVD link : CVE-2020-15223

Mitre link : CVE-2020-15223

CVE.ORG link : CVE-2020-15223

JSON object : View

Products Affected

ory

fosite

CWE

CWE-754

Improper Check for Unusual or Exceptional Conditions

CWE-755

Improper Handling of Exceptional Conditions

{"id": "CVE-2020-15223", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.0, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.8, "exploitabilityScore": 1.6}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.0, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.8, "exploitabilityScore": 1.6}]}, "published": "2020-09-24T17:15:13.210", "references": [{"url": "https://github.com/ory/fosite/commit/03dd55813f5521985f7dd64277b7ba0cf1441319", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/ory/fosite/security/advisories/GHSA-7mqr-2v3q-v2wm", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://tools.ietf.org/html/rfc7009#section-2.2.1", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-754"}]}, {"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-755"}]}], "descriptions": [{"lang": "en", "value": "In ORY Fosite (the security first OAuth2 & OpenID Connect framework for Go) before version 0.34.0, the `TokenRevocationHandler` ignores errors coming from the storage. This can lead to unexpected 200 status codes indicating successful revocation while the token is still valid. Whether an attacker can use this for her advantage depends on the ability to trigger errors in the store. This is fixed in version 0.34.0"}, {"lang": "es", "value": "En ORY Fosite (el primer framework de seguridad OAuth2 & OpenID Connect para Go) anterior a la versi\u00f3n 0.34.0, el \"TokenRevocationHandler\" ignora los errores provenientes del almacenamiento. Esto puede conllevar a 200 c\u00f3digos de estado no previstos que indican una revocaci\u00f3n exitosa mientras el token a\u00fan es v\u00e1lido. Si un atacante puede usar esto para su favor depende de la capacidad de desencadenar errores en la tienda. Esto se corrigi\u00f3 en la versi\u00f3n 0.34.0"}], "lastModified": "2022-10-21T18:09:36.827", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ory:fosite:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80E07C30-E0A1-456A-B3E8-A0015EB05A66", "versionEndExcluding": "0.34.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}