CVE-2023-47628

{"id": "CVE-2023-47628", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.2}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.2, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 1.6}]}, "published": "2023-11-14T01:15:08.137", "references": [{"url": "https://github.com/datahub-project/datahub/security/advisories/GHSA-75p8-rgh2-r9mx", "tags": ["Exploit", "Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-613"}]}], "descriptions": [{"lang": "en", "value": "DataHub is an open-source metadata platform. DataHub Frontend's sessions are configured using Play Framework's default settings for stateless session which do not set an expiration time for a cookie. Due to this, if a session cookie were ever leaked, it would be valid forever. DataHub uses a stateless session cookie that is not invalidated on logout, it is just removed from the browser forcing the user to login again. However, if an attacker extracted a cookie from an authenticated user it would continue to be valid as there is no validation on a time window the session token is valid for due to a combination of the usage of LegacyCookiesModule from Play Framework and using default settings which do not set an expiration time. All DataHub instances prior to the patch that have removed the datahub user, but not the default policies applying to that user are affected. Users are advised to update to version 0.12.1 which addresses the issue. There are no known workarounds for this vulnerability."}, {"lang": "es", "value": "DataHub es una plataforma de metadatos de c\u00f3digo abierto. Las sesiones de DataHub Frontend se configuran utilizando la configuraci\u00f3n predeterminada de Play Framework para sesiones sin estado que no establecen un tiempo de vencimiento para una cookie. Debido a esto, si alguna vez se filtrara una cookie de sesi\u00f3n, ser\u00eda v\u00e1lida para siempre. DataHub utiliza una cookie de sesi\u00f3n sin estado que no se invalida al cerrar sesi\u00f3n, simplemente se elimina del navegador y obliga al usuario a iniciar sesi\u00f3n nuevamente. Sin embargo, si un atacante extrae una cookie de un usuario autenticado, seguir\u00e1 siendo v\u00e1lida ya que no hay validaci\u00f3n en una ventana de tiempo para la cual el token de sesi\u00f3n es v\u00e1lido debido a una combinaci\u00f3n del uso de LegacyCookiesModule de Play Framework y el uso de configuraciones predeterminadas que no establezca un tiempo de vencimiento. Todas las instancias de DataHub anteriores al parche que eliminaron al usuario de DataHub, pero no las pol\u00edticas predeterminadas que se aplican a ese usuario, se ven afectadas. Se recomienda a los usuarios que actualicen a la versi\u00f3n 0.12.1, que soluciona el problema. No se conocen workarounds para esta vulnerabilidad."}], "lastModified": "2023-11-21T19:10:25.330", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:datahub_project:datahub:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A45A340B-5E00-4E48-A37F-71C11DDAAFF1", "versionEndExcluding": "0.12.1"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}