CVE-2021-32738

js-stellar-sdk is a Javascript library for communicating with a Stellar Horizon server. The `Utils.readChallengeTx` function used in SEP-10 Stellar Web Authentication states in its function documentation that it reads and validates the challenge transaction including verifying that the `serverAccountID` has signed the transaction. In js-stellar-sdk before version 8.2.3, the function does not verify that the server has signed the transaction. Applications that also used `Utils.verifyChallengeTxThreshold` or `Utils.verifyChallengeTxSigners` to verify the signatures including the server signature on the challenge transaction are unaffected as those functions verify the server signed the transaction. Applications calling `Utils.readChallengeTx` should update to version 8.2.3, the first version with a patch for this vulnerability, to ensure that the challenge transaction is completely valid and signed by the server creating the challenge transaction.

CVSS v3 6.5 MEDIUM
CVSS v2.0 4.0 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

4.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:N/I:P/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://github.com/stellar/js-stellar-sdk/releases/tag/v8.2.3	Release Notes Third Party Advisory
https://github.com/stellar/js-stellar-sdk/security/advisories/GHSA-6cgh-hjpw-q3gq	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:stellar:js-stellar-sdk:*:*:*:*:*:node.js:*:*

History

No history.

Information

Published : 2021-07-02 19:15

Updated : 2024-02-28 18:28

NVD link : CVE-2021-32738

Mitre link : CVE-2021-32738

CVE.ORG link : CVE-2021-32738

JSON object : View

Products Affected

stellar

js-stellar-sdk

CWE

CWE-347

Improper Verification of Cryptographic Signature

CWE-287

Improper Authentication

{"id": "CVE-2021-32738", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2021-07-02T19:15:08.063", "references": [{"url": "https://github.com/stellar/js-stellar-sdk/releases/tag/v8.2.3", "tags": ["Release Notes", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/stellar/js-stellar-sdk/security/advisories/GHSA-6cgh-hjpw-q3gq", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-347"}]}, {"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "js-stellar-sdk is a Javascript library for communicating with a Stellar Horizon server. The `Utils.readChallengeTx` function used in SEP-10 Stellar Web Authentication states in its function documentation that it reads and validates the challenge transaction including verifying that the `serverAccountID` has signed the transaction. In js-stellar-sdk before version 8.2.3, the function does not verify that the server has signed the transaction. Applications that also used `Utils.verifyChallengeTxThreshold` or `Utils.verifyChallengeTxSigners` to verify the signatures including the server signature on the challenge transaction are unaffected as those functions verify the server signed the transaction. Applications calling `Utils.readChallengeTx` should update to version 8.2.3, the first version with a patch for this vulnerability, to ensure that the challenge transaction is completely valid and signed by the server creating the challenge transaction."}, {"lang": "es", "value": "js-stellar-sdk es una biblioteca de Javascript para comunicarse con un servidor Stellar Horizon. La funci\u00f3n \"Utils.readChallengeTx\" usada en SEP-10 Stellar Web Authentication declara en la documentaci\u00f3n de su funci\u00f3n que lee y comprueba la transacci\u00f3n del reto incluyendo la comprobaci\u00f3n de que el \"serverAccountID\" ha firmado la transacci\u00f3n. En js-stellar-sdk versiones anteriores a 8.2.3, la funci\u00f3n no comprueba que el servidor haya firmado la transacci\u00f3n. Las aplicaciones que tambi\u00e9n usaban \"Utils.verifyChallengeTxThreshold\" o \"Utils.verifyChallengeTxSigners\" para comprobar las firmas, incluyendo la firma del servidor en la transacci\u00f3n de desaf\u00edo, no se ven afectadas ya que esas funciones comprueban que el servidor ha firmado la transacci\u00f3n. Las aplicaciones que llaman a \"Utils.readChallengeTx\" deber\u00edan actualizar a la versi\u00f3n 8.2.3, la primera versi\u00f3n con un parche para esta vulnerabilidad, para asegurarse de que la transacci\u00f3n de desaf\u00edo es completamente v\u00e1lida y est\u00e1 firmada por el servidor que crea la transacci\u00f3n de desaf\u00edo"}], "lastModified": "2022-07-02T21:07:11.080", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:stellar:js-stellar-sdk:*:*:*:*:*:node.js:*:*", "vulnerable": true, "matchCriteriaId": "9AB6A3F8-D0B8-4AE2-AFEF-C4461920A63C", "versionEndExcluding": "8.2.3"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}