CVE-2023-23614

{"id": "CVE-2023-23614", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2023-01-26T21:18:15.063", "references": [{"url": "https://github.com/pi-hole/AdminLTE/security/advisories/GHSA-33w4-xf7m-f82m", "tags": ["Exploit", "Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/pi-hole/AdminLTE/security/advisories/GHSA-33w4-xf7m-f82m", "tags": ["Exploit", "Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-613"}, {"lang": "en", "value": "CWE-836"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-613"}]}], "descriptions": [{"lang": "en", "value": "Pi-hole\u00ae's Web interface (based off of AdminLTE) provides a central location to manage your Pi-hole. Versions 4.0 and above, prior to 5.18.3 are vulnerable to Insufficient Session Expiration. Improper use of admin WEBPASSWORD hash as \"Remember me for 7 days\" cookie value makes it possible for an attacker to \"pass the hash\" to login or reuse a theoretically expired \"remember me\" cookie. It also exposes the hash over the network and stores it unnecessarily in the browser. The cookie itself is set to expire after 7 days but its value will remain valid as long as the admin password doesn't change. If a cookie is leaked or compromised it could be used forever as long as the admin password is not changed. An attacker that obtained the password hash via an other attack vector (for example a path traversal vulnerability) could use it to login as the admin by setting the hash as the cookie value without the need to crack it to obtain the admin password (pass the hash). The hash is exposed over the network and in the browser where the cookie is transmitted and stored. This issue is patched in version 5.18.3."}, {"lang": "es", "value": "La interfaz web de Pi-hole\u00ae (basada en AdminLTE) proporciona una ubicaci\u00f3n central para administrar su Pi-hole. Las versiones 4.0 y superiores, anteriores a la 5.18.3, son vulnerables a Insufficient Session Expiration. El uso inadecuado del hash WEBPASSWORD del administrador como valor de cookie \"Recordarme durante 7 d\u00edas\" hace posible que un atacante realice \"pass the hash\" para iniciar sesi\u00f3n o reutilizar una cookie \"recordarme\" te\u00f3ricamente caducada. Tambi\u00e9n expone el hash a trav\u00e9s de la red y lo almacena innecesariamente en el navegador. La cookie en s\u00ed caducar\u00e1 despu\u00e9s de 7 d\u00edas, pero su valor seguir\u00e1 siendo v\u00e1lido siempre que la contrase\u00f1a de administrador no cambie. Si una cookie se filtra o se ve comprometida, podr\u00eda usarse para siempre siempre y cuando no se cambie la contrase\u00f1a de administrador. Un atacante que obtuvo el hash de la contrase\u00f1a a trav\u00e9s de otro vector de ataque (por ejemplo, una vulnerabilidad de recorrido de ruta) podr\u00eda usarlo para iniciar sesi\u00f3n como administrador estableciendo el hash como valor de la cookie sin necesidad de descifrarlo para obtener la contrase\u00f1a del administrador (pase el picadillo). El hash se expone en la red y en el navegador donde se transmite y almacena la cookie. Este problema se solucion\u00f3 en la versi\u00f3n 5.18.3."}], "lastModified": "2024-11-21T07:46:32.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pi-hole:web_interface:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B16577D5-DC89-473D-A0DF-5D30288083D4", "versionEndExcluding": "5.18.3", "versionStartIncluding": "4.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}