CVE-2023-49706

Defective request context handling in Self Service in LinOTP 3.x before 3.2.5 allows remote unauthenticated attackers to escalate privileges, thereby allowing them to act as and with the permissions of another user. Attackers must generate repeated API requests to trigger a race condition with concurrent user activity in the self-service portal.

CVSS v3 6.8 MEDIUM

6.8^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.6 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://linotp.org/CVE-2023-49706.txt	Vendor Advisory
https://linotp.org/security-update-linotp3-selfservice.html	Vendor Advisory
https://www.linotp.org/news.html	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:linotp:linotp:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:linotp:virtual_appliance:*:*:*:*:*:*:*:*

History

28 Dec 2023, 19:56

Type	Values Removed	Values Added
References	~~() https://linotp.org/CVE-2023-49706.txt -~~	() https://linotp.org/CVE-2023-49706.txt - Vendor Advisory
References	~~() https://www.linotp.org/news.html -~~	() https://www.linotp.org/news.html - Vendor Advisory
References	~~() https://linotp.org/security-update-linotp3-selfservice.html -~~	() https://linotp.org/security-update-linotp3-selfservice.html - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.8
CWE		CWE-362
CPE		cpe:2.3:a:linotp:linotp:::::::: cpe:2.3:a:linotp:virtual_appliance::::::::
First Time		Linotp virtual Appliance Linotp Linotp linotp

19 Dec 2023, 19:50

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-12-19 19:15

Updated : 2024-02-28 20:54

NVD link : CVE-2023-49706

Mitre link : CVE-2023-49706

CVE.ORG link : CVE-2023-49706

JSON object : View

Products Affected

linotp

virtual_appliance
linotp

CWE

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

{"id": "CVE-2023-49706", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.6}]}, "published": "2023-12-19T19:15:07.800", "references": [{"url": "https://linotp.org/CVE-2023-49706.txt", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://linotp.org/security-update-linotp3-selfservice.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.linotp.org/news.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-362"}]}], "descriptions": [{"lang": "en", "value": "Defective request context handling in Self Service in LinOTP 3.x before 3.2.5 allows remote unauthenticated attackers to escalate privileges, thereby allowing them to act as and with the permissions of another user. Attackers must generate repeated API requests to trigger a race condition with concurrent user activity in the self-service portal."}, {"lang": "es", "value": "El manejo defectuoso del contexto de solicitud en Self Service en LinOTP 3.x anterior a 3.2.5 permite a atacantes remotos no autenticados escalar privilegios, permiti\u00e9ndoles as\u00ed actuar como y con los permisos de otro usuario. Los atacantes deben generar solicitudes API repetidas para desencadenar una condici\u00f3n de ejecuci\u00f3n con actividad de usuario simult\u00e1nea en el portal de autoservicio."}], "lastModified": "2023-12-28T19:56:43.647", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:linotp:linotp:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DFFA1A9F-16EA-4923-A86A-709DA8A48692", "versionEndIncluding": "3.2.4", "versionStartIncluding": "3.0.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:linotp:virtual_appliance:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DED984BA-D885-4B29-A1F9-92AFE193DAD1", "versionEndIncluding": "3.2.4", "versionStartIncluding": "3.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}