CVE-2024-41800

Craft is a content management system (CMS). Craft CMS 5 allows reuse of TOTP tokens multiple times within the validity period. An attacker is able to re-submit a valid TOTP token to establish an authenticated session. This requires that the attacker has knowledge of the victim's credentials. This has been patched in Craft 5.2.3.

CVSS v3 4.8 MEDIUM

4.8^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/craftcms/cms/commit/7c790fa5ad5a8cb8016cb6793ec3554c4c079e38	Patch
https://github.com/craftcms/cms/releases/tag/5.2.3	Release Notes
https://github.com/craftcms/cms/security/advisories/GHSA-wmx7-pw49-88jx	Vendor Advisory
https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20240617-01_CraftCMS_TOTP_Valid_After_Use	Third Party Advisory
https://github.com/craftcms/cms/commit/7c790fa5ad5a8cb8016cb6793ec3554c4c079e38	Patch
https://github.com/craftcms/cms/releases/tag/5.2.3	Release Notes
https://github.com/craftcms/cms/security/advisories/GHSA-wmx7-pw49-88jx	Vendor Advisory
https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20240617-01_CraftCMS_TOTP_Valid_After_Use	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:craftcms:craft_cms::::::::
	cpe:2.3:a:craftcms:craft_cms:5.0.0:beta1::::::
	cpe:2.3:a:craftcms:craft_cms:5.0.0:beta10::::::
	cpe:2.3:a:craftcms:craft_cms:5.0.0:beta11::::::
	cpe:2.3:a:craftcms:craft_cms:5.0.0:beta2::::::
	cpe:2.3:a:craftcms:craft_cms:5.0.0:beta3::::::
	cpe:2.3:a:craftcms:craft_cms:5.0.0:beta4::::::
	cpe:2.3:a:craftcms:craft_cms:5.0.0:beta5::::::
	cpe:2.3:a:craftcms:craft_cms:5.0.0:beta6::::::
	cpe:2.3:a:craftcms:craft_cms:5.0.0:beta7::::::
	cpe:2.3:a:craftcms:craft_cms:5.0.0:beta8::::::
	cpe:2.3:a:craftcms:craft_cms:5.0.0:beta9::::::
	cpe:2.3:a:craftcms:craft_cms:5.0.0:rc1::::::

History

No history.

Information

Published : 2024-07-25 17:15

Updated : 2024-11-21 09:33

NVD link : CVE-2024-41800

Mitre link : CVE-2024-41800

CVE.ORG link : CVE-2024-41800

JSON object : View

Products Affected

craftcms

craft_cms

CWE

CWE-287

Improper Authentication

{"id": "CVE-2024-41800", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.6}]}, "published": "2024-07-25T17:15:11.203", "references": [{"url": "https://github.com/craftcms/cms/commit/7c790fa5ad5a8cb8016cb6793ec3554c4c079e38", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/craftcms/cms/releases/tag/5.2.3", "tags": ["Release Notes"], "source": "security-advisories@github.com"}, {"url": "https://github.com/craftcms/cms/security/advisories/GHSA-wmx7-pw49-88jx", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20240617-01_CraftCMS_TOTP_Valid_After_Use", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/craftcms/cms/commit/7c790fa5ad5a8cb8016cb6793ec3554c4c079e38", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/craftcms/cms/releases/tag/5.2.3", "tags": ["Release Notes"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/craftcms/cms/security/advisories/GHSA-wmx7-pw49-88jx", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20240617-01_CraftCMS_TOTP_Valid_After_Use", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-287"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "Craft is a content management system (CMS). Craft CMS 5 allows reuse of TOTP tokens multiple times within the validity period. An attacker is able to re-submit a valid TOTP token to establish an authenticated session. This requires that the attacker has knowledge of the victim's credentials. This has been patched in Craft 5.2.3."}, {"lang": "es", "value": "Craft es un sistema de gesti\u00f3n de contenidos (CMS). Craft CMS 5 permite la reutilizaci\u00f3n de tokens TOTP varias veces dentro del per\u00edodo de validez. Un atacante puede volver a enviar un token TOTP v\u00e1lido para establecer una sesi\u00f3n autenticada. Esto requiere que el atacante tenga conocimiento de las credenciales de la v\u00edctima. Esto ha sido parcheado en Craft 5.2.3."}], "lastModified": "2024-11-21T09:33:05.817", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "42C47425-3771-48C2-A7AF-C3CC3D0FE14C", "versionEndExcluding": "5.2.3", "versionStartIncluding": "5.0.1"}, {"criteria": "cpe:2.3:a:craftcms:craft_cms:5.0.0:beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "14D9846D-FC0A-468A-9C38-9B7DBF7CAC5D"}, {"criteria": "cpe:2.3:a:craftcms:craft_cms:5.0.0:beta10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "37194977-B7C4-444A-A192-754559F82880"}, {"criteria": "cpe:2.3:a:craftcms:craft_cms:5.0.0:beta11:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C9CCA076-E687-4F16-9FD8-B93B61098A17"}, {"criteria": "cpe:2.3:a:craftcms:craft_cms:5.0.0:beta2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "71C58619-7E6E-4F78-8E52-70893D2C9FF4"}, {"criteria": "cpe:2.3:a:craftcms:craft_cms:5.0.0:beta3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9559946D-B0FB-4A76-A22B-D36F61EA7399"}, {"criteria": "cpe:2.3:a:craftcms:craft_cms:5.0.0:beta4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6109220A-7C22-4F63-A52B-A2C98143AB98"}, {"criteria": "cpe:2.3:a:craftcms:craft_cms:5.0.0:beta5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6FD35B52-3F32-4BD9-91A5-1FDEED711AE4"}, {"criteria": "cpe:2.3:a:craftcms:craft_cms:5.0.0:beta6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "15B50ECD-79E4-48C3-B9F5-0DA89776775A"}, {"criteria": "cpe:2.3:a:craftcms:craft_cms:5.0.0:beta7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3FEBF72C-FE4A-416D-BA61-20AEB75114DD"}, {"criteria": "cpe:2.3:a:craftcms:craft_cms:5.0.0:beta8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AFB3C237-FC2F-44D2-82C4-E330ED93BC62"}, {"criteria": "cpe:2.3:a:craftcms:craft_cms:5.0.0:beta9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A1FE2434-F974-4FCE-A96E-A47F490FD208"}, {"criteria": "cpe:2.3:a:craftcms:craft_cms:5.0.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D8E02D1-601A-4E2B-B619-4775BFDB72D0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}