CVE-2021-32738

{"id": "CVE-2021-32738", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2021-07-02T19:15:08.063", "references": [{"url": "https://github.com/stellar/js-stellar-sdk/releases/tag/v8.2.3", "tags": ["Release Notes", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/stellar/js-stellar-sdk/security/advisories/GHSA-6cgh-hjpw-q3gq", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-347"}]}, {"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "js-stellar-sdk is a Javascript library for communicating with a Stellar Horizon server. The `Utils.readChallengeTx` function used in SEP-10 Stellar Web Authentication states in its function documentation that it reads and validates the challenge transaction including verifying that the `serverAccountID` has signed the transaction. In js-stellar-sdk before version 8.2.3, the function does not verify that the server has signed the transaction. Applications that also used `Utils.verifyChallengeTxThreshold` or `Utils.verifyChallengeTxSigners` to verify the signatures including the server signature on the challenge transaction are unaffected as those functions verify the server signed the transaction. Applications calling `Utils.readChallengeTx` should update to version 8.2.3, the first version with a patch for this vulnerability, to ensure that the challenge transaction is completely valid and signed by the server creating the challenge transaction."}, {"lang": "es", "value": "js-stellar-sdk es una biblioteca de Javascript para comunicarse con un servidor Stellar Horizon. La funci\u00f3n \"Utils.readChallengeTx\" usada en SEP-10 Stellar Web Authentication declara en la documentaci\u00f3n de su funci\u00f3n que lee y comprueba la transacci\u00f3n del reto incluyendo la comprobaci\u00f3n de que el \"serverAccountID\" ha firmado la transacci\u00f3n. En js-stellar-sdk versiones anteriores a 8.2.3, la funci\u00f3n no comprueba que el servidor haya firmado la transacci\u00f3n. Las aplicaciones que tambi\u00e9n usaban \"Utils.verifyChallengeTxThreshold\" o \"Utils.verifyChallengeTxSigners\" para comprobar las firmas, incluyendo la firma del servidor en la transacci\u00f3n de desaf\u00edo, no se ven afectadas ya que esas funciones comprueban que el servidor ha firmado la transacci\u00f3n. Las aplicaciones que llaman a \"Utils.readChallengeTx\" deber\u00edan actualizar a la versi\u00f3n 8.2.3, la primera versi\u00f3n con un parche para esta vulnerabilidad, para asegurarse de que la transacci\u00f3n de desaf\u00edo es completamente v\u00e1lida y est\u00e1 firmada por el servidor que crea la transacci\u00f3n de desaf\u00edo"}], "lastModified": "2022-07-02T21:07:11.080", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:stellar:js-stellar-sdk:*:*:*:*:*:node.js:*:*", "vulnerable": true, "matchCriteriaId": "9AB6A3F8-D0B8-4AE2-AFEF-C4461920A63C", "versionEndExcluding": "8.2.3"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}