CVE-2024-31842

An issue was discovered in Italtel Embrace 1.6.4. The web application inserts the access token of an authenticated user inside GET requests. The query string for the URL could be saved in the browser's history, passed through Referers to other web sites, stored in web logs, or otherwise recorded in other sources. If the query string contains sensitive information such as session identifiers, then attackers can use this information to launch further attacks. Because the access token in sent in GET requests, this vulnerability could lead to complete account takeover.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.gruppotim.it/it/footer/red-team.html	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:italtel:embrace:1.6.4:*:*:*:*:*:*:*

History

29 Oct 2024, 21:35

Type	Values Removed	Values Added
CWE		CWE-863

13 Sep 2024, 14:05

Type	Values Removed	Values Added
References	~~() https://www.gruppotim.it/it/footer/red-team.html -~~	() https://www.gruppotim.it/it/footer/red-team.html - Third Party Advisory
CWE		NVD-CWE-noinfo
CPE		cpe:2.3:a:italtel:embrace:1.6.4:::::::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.8
First Time		Italtel Italtel embrace

21 Aug 2024, 12:30

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-08-20 20:15

Updated : 2024-10-29 21:35

NVD link : CVE-2024-31842

Mitre link : CVE-2024-31842

CVE.ORG link : CVE-2024-31842

JSON object : View

Products Affected

italtel

embrace

CWE

NVD-CWE-noinfo CWE-863

Incorrect Authorization

{"id": "CVE-2024-31842", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2024-08-20T20:15:08.090", "references": [{"url": "https://www.gruppotim.it/it/footer/red-team.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Italtel Embrace 1.6.4. The web application inserts the access token of an authenticated user inside GET requests. The query string for the URL could be saved in the browser's history, passed through Referers to other web sites, stored in web logs, or otherwise recorded in other sources. If the query string contains sensitive information such as session identifiers, then attackers can use this information to launch further attacks. Because the access token in sent in GET requests, this vulnerability could lead to complete account takeover."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en Italtel Embrace 1.6.4. La aplicaci\u00f3n web inserta el token de acceso de un usuario autenticado dentro de las solicitudes GET. La cadena de consulta para la URL podr\u00eda guardarse en el historial del navegador, pasarse a trav\u00e9s de Referers a otros sitios web, almacenarse en registros web o registrarse de otro modo en otras fuentes. Si la cadena de consulta contiene informaci\u00f3n confidencial, como identificadores de sesi\u00f3n, los atacantes pueden usar esta informaci\u00f3n para lanzar m\u00e1s ataques. Debido a que el token de acceso se env\u00eda en solicitudes GET, esta vulnerabilidad podr\u00eda provocar la apropiaci\u00f3n completa de la cuenta."}], "lastModified": "2024-10-29T21:35:06.340", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:italtel:embrace:1.6.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3469B5CE-AB48-497A-94DF-820F97DB88B3"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}