CVE-2022-28109

Selenium Selenium Grid (formerly Selenium Standalone Server) Fixed in 4.0.0-alpha-7 is affected by: DNS rebinding. The impact is: execute arbitrary code (remote). The component is: WebDriver endpoint of Selenium Grid / Selenium Standalone Server. The attack vector is: Triggered by browsing to to a malicious remote web server. The WebDriver endpoint of Selenium Server (Grid) is vulnerable to DNS rebinding. This can be used to execute arbitrary code on the machine.

CVSS v3 8.8 HIGH
CVSS v2.0 6.8 MEDIUM

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.openwall.com/lists/oss-security/2022/04/16/1	Mailing List Third Party Advisory
https://www.gabriel.urdhr.fr/2022/02/07/selenium-standalone-server-csrf-dns-rebinding-rce/	Exploit Mitigation Third Party Advisory
https://www.openwall.com/lists/oss-security/2022/02/07/3	Mailing List Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:selenium:selenium_grid::::::::
	cpe:2.3:a:selenium:selenium_grid:4.0.0:-::::::
	cpe:2.3:a:selenium:selenium_grid:4.0.0:alpha1::::::
	cpe:2.3:a:selenium:selenium_grid:4.0.0:alpha2::::::
	cpe:2.3:a:selenium:selenium_grid:4.0.0:alpha3::::::
	cpe:2.3:a:selenium:selenium_grid:4.0.0:alpha4::::::
	cpe:2.3:a:selenium:selenium_grid:4.0.0:alpha5::::::
	cpe:2.3:a:selenium:selenium_grid:4.0.0:alpha6::::::

History

No history.

Information

Published : 2022-04-15 16:15

Updated : 2024-02-28 19:09

NVD link : CVE-2022-28109

Mitre link : CVE-2022-28109

CVE.ORG link : CVE-2022-28109

JSON object : View

Products Affected

selenium

selenium_grid

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

{"id": "CVE-2022-28109", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2022-04-15T16:15:07.897", "references": [{"url": "http://www.openwall.com/lists/oss-security/2022/04/16/1", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.gabriel.urdhr.fr/2022/02/07/selenium-standalone-server-csrf-dns-rebinding-rce/", "tags": ["Exploit", "Mitigation", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.openwall.com/lists/oss-security/2022/02/07/3", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Selenium Selenium Grid (formerly Selenium Standalone Server) Fixed in 4.0.0-alpha-7 is affected by: DNS rebinding. The impact is: execute arbitrary code (remote). The component is: WebDriver endpoint of Selenium Grid / Selenium Standalone Server. The attack vector is: Triggered by browsing to to a malicious remote web server. The WebDriver endpoint of Selenium Server (Grid) is vulnerable to DNS rebinding. This can be used to execute arbitrary code on the machine."}, {"lang": "es", "value": "Selenium Selenium Grid (anteriormente Selenium Standalone Server) Corregido en versi\u00f3n 4.0.0-alpha-7 est\u00e1 afectado por: Un reencuadre de DNS. El impacto es: ejecutar c\u00f3digo arbitrario (remoto). El componente es: WebDriver endpoint de Selenium Grid / Selenium Standalone Server. El vector de ataque es: Desencadenado por la navegaci\u00f3n a un servidor web remoto malicioso. El endpoint WebDriver de Selenium Server (Grid) es vulnerable a un reencuadre de DNS. Esto puede ser usado para ejecutar c\u00f3digo arbitrario en la m\u00e1quina"}], "lastModified": "2022-04-25T16:24:40.060", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:selenium:selenium_grid:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1F051B81-A7AE-4D94-B701-9FC7F006AEEC", "versionEndExcluding": "4.0.0"}, {"criteria": "cpe:2.3:a:selenium:selenium_grid:4.0.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "324578B9-CAD2-4F95-91F2-76EDB5FD0A85"}, {"criteria": "cpe:2.3:a:selenium:selenium_grid:4.0.0:alpha1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "51D35036-15ED-43D1-918D-E38FCAB10D52"}, {"criteria": "cpe:2.3:a:selenium:selenium_grid:4.0.0:alpha2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "731C8648-E3E2-4D44-A828-46B628D10A2B"}, {"criteria": "cpe:2.3:a:selenium:selenium_grid:4.0.0:alpha3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D76FAFC-B115-41AE-98AE-1128F5B6F492"}, {"criteria": "cpe:2.3:a:selenium:selenium_grid:4.0.0:alpha4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7CD5D613-B4DF-4F6C-9593-70BF0DE2E06A"}, {"criteria": "cpe:2.3:a:selenium:selenium_grid:4.0.0:alpha5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E336A584-478F-4164-8F4C-6BC0FE32FB52"}, {"criteria": "cpe:2.3:a:selenium:selenium_grid:4.0.0:alpha6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DDE08E93-5199-4EA9-BD47-9B188994C542"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}