CVE-2020-15109

In solidus before versions 2.8.6, 2.9.6, and 2.10.2, there is an bility to change order address without triggering address validations. This vulnerability allows a malicious customer to craft request data with parameters that allow changing the address of the current order without changing the shipment costs associated with the new shipment. All stores with at least two shipping zones and different costs of shipment per zone are impacted. This problem comes from how checkout permitted attributes are structured. We have a single list of attributes that are permitted across the whole checkout, no matter the step that is being submitted. See the linked reference for more information. As a workaround, if it is not possible to upgrade to a supported patched version, please use this gist in the references section.

CVSS v3 5.3 MEDIUM
CVSS v2.0 5.0 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://gist.github.com/kennyadsl/4618cd9797984cb64f7700a81bda889d	Patch Third Party Advisory
https://github.com/solidusio/solidus/security/advisories/GHSA-3mvg-rrrw-m7ph	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:nebulab:solidus::::::::
	cpe:2.3:a:nebulab:solidus::::::::
	cpe:2.3:a:nebulab:solidus::::::::

History

No history.

Information

Published : 2020-08-04 23:15

Updated : 2024-02-28 17:47

NVD link : CVE-2020-15109

Mitre link : CVE-2020-15109

CVE.ORG link : CVE-2020-15109

JSON object : View

Products Affected

nebulab

solidus

CWE

CWE-862

Missing Authorization

CWE-20

Improper Input Validation

{"id": "CVE-2020-15109", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2020-08-04T23:15:10.347", "references": [{"url": "https://gist.github.com/kennyadsl/4618cd9797984cb64f7700a81bda889d", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/solidusio/solidus/security/advisories/GHSA-3mvg-rrrw-m7ph", "tags": ["Exploit", "Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-862"}]}, {"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "In solidus before versions 2.8.6, 2.9.6, and 2.10.2, there is an bility to change order address without triggering address validations. This vulnerability allows a malicious customer to craft request data with parameters that allow changing the address of the current order without changing the shipment costs associated with the new shipment. All stores with at least two shipping zones and different costs of shipment per zone are impacted. This problem comes from how checkout permitted attributes are structured. We have a single list of attributes that are permitted across the whole checkout, no matter the step that is being submitted. See the linked reference for more information. As a workaround, if it is not possible to upgrade to a supported patched version, please use this gist in the references section."}, {"lang": "es", "value": "En solidus versiones anteriores a 2.8.6, 2.9.6 y 2.10.2, se presenta la posibilidad de cambiar la direcci\u00f3n del pedido sin activar comprobaciones de direcci\u00f3n. Esta vulnerabilidad permite a un cliente malicioso crear datos de petici\u00f3n con par\u00e1metros que permitan cambiar la direcci\u00f3n del pedido actual sin cambiar los costos de env\u00edo asociados con el nuevo env\u00edo. Todas las tiendas con al menos dos zonas de env\u00edo y diferentes costos de env\u00edo por zona est\u00e1n afectadas. Este problema proviene de c\u00f3mo se estructuran los atributos permitidos de pago. Tenemos una lista \u00fanica de atributos que est\u00e1n permitidos en todo el proceso de pago, sin importar el paso que esta siendo enviado. Consulte la referencia vinculada para m\u00e1s informaci\u00f3n. Como una soluci\u00f3n alternativa, si no es posible actualizar a una versi\u00f3n parcheada compatible, use esta esencia en la secci\u00f3n de referencias"}], "lastModified": "2021-11-18T18:29:16.957", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nebulab:solidus:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3AE5C6C1-50C2-4D8A-A1A1-1679BF2BD616", "versionEndExcluding": "2.8.6"}, {"criteria": "cpe:2.3:a:nebulab:solidus:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83119E07-1C20-4CD2-8561-2B6AF76A460C", "versionEndExcluding": "2.9.6", "versionStartIncluding": "2.9.0"}, {"criteria": "cpe:2.3:a:nebulab:solidus:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "57EEBC07-382C-4A07-965F-CD2FB7110CC9", "versionEndExcluding": "2.10.2", "versionStartIncluding": "2.10.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}