CVE-2023-26156

Versions of the package chromedriver before 119.0.1 are vulnerable to Command Injection when setting the chromedriver.path to an arbitrary system binary. This could lead to unauthorized access and potentially malicious actions on the host system. **Note:** An attacker must have access to the system running the vulnerable chromedriver library to exploit it. The success of exploitation also depends on the permissions and privileges of the process running chromedriver.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.6 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://gist.github.com/mcoimbra/47b1da554a80795c45126d51e41b2b18	Exploit
https://github.com/giggio/node-chromedriver/commit/de961e34e023afcf4fa5c0faeeec69aaa6c3c815	Patch
https://security.snyk.io/vuln/SNYK-JS-CHROMEDRIVER-6049539	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:chromedriver_project:chromedriver:*:*:*:*:*:node.js:*:*

History

17 Nov 2023, 17:46

Type	Values Removed	Values Added
References	~~() https://security.snyk.io/vuln/SNYK-JS-CHROMEDRIVER-6049539 -~~	() https://security.snyk.io/vuln/SNYK-JS-CHROMEDRIVER-6049539 - Third Party Advisory
References	~~() https://gist.github.com/mcoimbra/47b1da554a80795c45126d51e41b2b18 -~~	() https://gist.github.com/mcoimbra/47b1da554a80795c45126d51e41b2b18 - Exploit
References	~~() https://github.com/giggio/node-chromedriver/commit/de961e34e023afcf4fa5c0faeeec69aaa6c3c815 -~~	() https://github.com/giggio/node-chromedriver/commit/de961e34e023afcf4fa5c0faeeec69aaa6c3c815 - Patch
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
CWE		CWE-78
CPE		cpe:2.3:a:chromedriver_project:chromedriver::::::node.js::*
First Time		Chromedriver Project chromedriver Chromedriver Project

09 Nov 2023, 05:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-11-09 05:15

Updated : 2024-09-04 14:35

NVD link : CVE-2023-26156

Mitre link : CVE-2023-26156

CVE.ORG link : CVE-2023-26156

JSON object : View

Products Affected

chromedriver_project

chromedriver

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2023-26156", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.6}, {"type": "Secondary", "source": "report@snyk.io", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.6, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 2.2}]}, "published": "2023-11-09T05:15:09.230", "references": [{"url": "https://gist.github.com/mcoimbra/47b1da554a80795c45126d51e41b2b18", "tags": ["Exploit"], "source": "report@snyk.io"}, {"url": "https://github.com/giggio/node-chromedriver/commit/de961e34e023afcf4fa5c0faeeec69aaa6c3c815", "tags": ["Patch"], "source": "report@snyk.io"}, {"url": "https://security.snyk.io/vuln/SNYK-JS-CHROMEDRIVER-6049539", "tags": ["Third Party Advisory"], "source": "report@snyk.io"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-78"}]}, {"type": "Secondary", "source": "report@snyk.io", "description": [{"lang": "en", "value": "CWE-78"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "Versions of the package chromedriver before 119.0.1 are vulnerable to Command Injection when setting the chromedriver.path to an arbitrary system binary. This could lead to unauthorized access and potentially malicious actions on the host system.\r\r**Note:**\r\rAn attacker must have access to the system running the vulnerable chromedriver library to exploit it. The success of exploitation also depends on the permissions and privileges of the process running chromedriver."}, {"lang": "es", "value": "Las versiones del paquete chromedriver anteriores a 119.0.1 son vulnerables a la inyecci\u00f3n de comandos cuando se configura chromedriver.path en un sistema binario arbitrario. Esto podr\u00eda provocar un acceso no autorizado y acciones potencialmente maliciosas en el sistema host. **Nota:** Un atacante debe tener acceso al sistema que ejecuta la librer\u00eda chromedriver vulnerable para explotarla. El \u00e9xito de la explotaci\u00f3n tambi\u00e9n depende de los permisos y privilegios del proceso que ejecuta Chromedriver."}], "lastModified": "2024-09-04T14:35:01.280", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:chromedriver_project:chromedriver:*:*:*:*:*:node.js:*:*", "vulnerable": true, "matchCriteriaId": "15D986ED-B781-4CAD-BE46-F89E200D39CE", "versionEndExcluding": "119.0.1"}], "operator": "OR"}]}], "sourceIdentifier": "report@snyk.io"}