CVE-2024-23838

TrueLayer.NET is the .Net client for TrueLayer. The vulnerability could potentially allow a malicious actor to gain control over the destination URL of the HttpClient used in the API classes. For applications using the SDK, requests to unexpected resources on local networks or to the internet could be made which could lead to information disclosure. The issue can be mitigated by having strict egress rules limiting the destinations to which requests can be made, and applying strict validation to any user input passed to the `truelayer-dotnet` library. Versions of TrueLayer.Client `v1.6.0` and later are not affected.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/TrueLayer/truelayer-dotnet/commit/75e436ed5360faa73d6e7ce3a9903a3c49505e3e	Patch
https://github.com/TrueLayer/truelayer-dotnet/security/advisories/GHSA-67m4-qxp3-j6hh	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:truelayer:truelayer.net:*:*:*:*:*:*:*:*

History

08 Feb 2024, 18:02

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
First Time		Truelayer Truelayer truelayer.net
CPE		cpe:2.3:a:truelayer:truelayer.net::::::::
References	~~() https://github.com/TrueLayer/truelayer-dotnet/security/advisories/GHSA-67m4-qxp3-j6hh -~~	() https://github.com/TrueLayer/truelayer-dotnet/security/advisories/GHSA-67m4-qxp3-j6hh - Vendor Advisory
References	~~() https://github.com/TrueLayer/truelayer-dotnet/commit/75e436ed5360faa73d6e7ce3a9903a3c49505e3e -~~	() https://github.com/TrueLayer/truelayer-dotnet/commit/75e436ed5360faa73d6e7ce3a9903a3c49505e3e - Patch

30 Jan 2024, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-01-30 17:15

Updated : 2024-02-28 20:54

NVD link : CVE-2024-23838

Mitre link : CVE-2024-23838

CVE.ORG link : CVE-2024-23838

JSON object : View

Products Affected

truelayer

truelayer.net

CWE

CWE-918

Server-Side Request Forgery (SSRF)

{"id": "CVE-2024-23838", "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 3.9}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-01-30T17:15:11.437", "references": [{"url": "https://github.com/TrueLayer/truelayer-dotnet/commit/75e436ed5360faa73d6e7ce3a9903a3c49505e3e", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/TrueLayer/truelayer-dotnet/security/advisories/GHSA-67m4-qxp3-j6hh", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-918"}]}], "descriptions": [{"lang": "en", "value": "TrueLayer.NET is the .Net client for TrueLayer. The vulnerability could potentially allow a malicious actor to gain control over the destination URL of the HttpClient used in the API classes. For applications using the SDK, requests to unexpected resources on local networks or to the internet could be made which could lead to information disclosure. The issue can be mitigated by having strict egress rules limiting the destinations to which requests can be made, and applying strict validation to any user input passed to the `truelayer-dotnet` library. Versions of TrueLayer.Client `v1.6.0` and later are not affected."}, {"lang": "es", "value": "TrueLayer.NET es el cliente .Net para TrueLayer. La vulnerabilidad podr\u00eda permitir que un actor malintencionado obtenga control sobre la URL de destino del HttpClient utilizado en las clases API. Para las aplicaciones que utilizan el SDK, se podr\u00edan realizar solicitudes a recursos inesperados en redes locales o a Internet, lo que podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n. El problema se puede mitigar teniendo reglas de salida estrictas que limiten los destinos a los que se pueden realizar las solicitudes y aplicando una validaci\u00f3n estricta a cualquier entrada del usuario pasada a la librer\u00eda \"truelayer-dotnet\". Las versiones de TrueLayer.Client `v1.6.0` y posteriores no se ven afectadas."}], "lastModified": "2024-02-08T18:02:03.540", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:truelayer:truelayer.net:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "493E24EB-303F-4003-9051-780D458F0C4C", "versionEndExcluding": "1.6.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}