Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2023-45857) & Proxy Authentication Credentials Leak (GHSA-wf5p-g6vw-rhxx)

Author: KUR   Program: Bugcamp

Category: WEB   Status: Closed (out of scope)   Severity: None   Reward: None   Created: October 18, 2024 (a month ago)   Last updated: October 22, 2024 (a month ago)

Vulnerability Type

The Axios library, version 0.21.4

Details

Vulnerability Description:

The Axios library, version 0.21.4, is vulnerable to two medium-severity vulnerabilities:

Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2023-45857): Axios is vulnerable to CSRF attacks, which could allow an attacker to perform unauthorized actions on behalf of the user.
Proxy Authentication Credentials Leak (GHSA-wf5p-g6vw-rhxx): Axios depends on the follow-redirects library, which has a vulnerability that could leak proxy authentication credentials.

Impact:

CSRF Vulnerability: An attacker could use this vulnerability to perform unauthorized actions on behalf of the user, such as changing their account settings or making unauthorized requests.
Proxy Authentication Credentials Leak: An attacker could use this vulnerability to obtain the proxy authentication credentials, which could be used to access sensitive information or systems.

Remediation:

Update Axios to a secure version: Update Axios to version 1.6.8 or later, which fixes the CSRF vulnerability.
Update follow-redirects to a secure version: Update the follow-redirects library to version 1.15.6 or later, which fixes the proxy authentication credentials leak vulnerability.
Implement CSRF protection: Implement CSRF protection measures, such as using the csrf middleware in your application.
Use a secure proxy configuration: Use a secure proxy configuration that does not leak authentication credentials.

Steps to Reproduce:

Create a test environment: Create a test environment with Axios version 0.21.4 and a vulnerable version of follow-redirects.
Send a request with a malicious redirect: Send a request to the test environment with a malicious redirect that triggers the CSRF vulnerability.
Verify the response: Verify that the response contains the proxy authentication credentials.
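As an added illustration of remediation step 4 (a proxy/redirect configuration that does not leak credentials) and of the bug class behind GHSA-wf5p-g6vw-rhxx, the following JavaScript is not part of this ticket and is not code from the axios or follow-redirects projects. It implements a redirect-following policy that drops credential-bearing headers (Proxy-Authorization, Authorization, Cookie) whenever a redirect changes host or port, or downgrades from https to http, and walks a constructed two-hop redirect chain to show which headers survive each hop. The URLs, header values and the `followChain` helper are assumptions made for this example.

```javascript
// Added example: a credential-stripping redirect policy. Nothing here is the
// library's own code; URLs and header values below are constructed.
const CREDENTIAL_HEADERS = ["proxy-authorization", "authorization", "cookie"];

// Two URLs share an "authority" only if host and port match and the hop does
// not downgrade from https to http. Credentials must not cross that boundary.
function sameAuthority(fromUrl, toUrl) {
  const a = new URL(fromUrl);
  const b = new URL(toUrl);
  const hostChanged = a.hostname !== b.hostname || a.port !== b.port;
  const downgraded = a.protocol === "https:" && b.protocol === "http:";
  return !hostChanged && !downgraded;
}

// Return a copy of `headers` with credential headers removed when the
// redirect target is a different authority than the request that produced it.
function sanitizeRedirectHeaders(fromUrl, toUrl, headers) {
  const crossAuthority = !sameAuthority(fromUrl, toUrl);
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    if (crossAuthority && CREDENTIAL_HEADERS.includes(name.toLowerCase())) {
      continue; // stripped: would otherwise be replayed to a foreign host
    }
    out[name] = value;
  }
  return out;
}

// Walk a constructed redirect chain (a list of {status, location} responses)
// and record the headers that would be sent to each hop. No network I/O.
function followChain(startUrl, initialHeaders, chain) {
  let current = startUrl;
  let headers = { ...initialHeaders };
  const hops = [{ url: current, headers: { ...headers } }];
  for (const step of chain) {
    // Location may be relative; resolve it against the current URL.
    const next = new URL(step.location, current).toString();
    headers = sanitizeRedirectHeaders(current, next, headers);
    current = next;
    hops.push({ url: current, status: step.status, headers: { ...headers } });
  }
  return hops;
}

// Constructed sample request headers (values are placeholders, not real secrets).
const SAMPLE_HEADERS = {
  "Proxy-Authorization": "Basic cHJveHk6c2VjcmV0",
  "Authorization": "Bearer constructed-token",
  "Accept": "application/json",
};

// Constructed chain: one same-host hop, then one cross-host hop.
const SAMPLE_CHAIN = [
  { status: 302, location: "/v2/resource" },
  { status: 302, location: "https://cdn.example.net/resource" },
];

function demo() {
  return followChain("https://api.example.com/v1/resource", SAMPLE_HEADERS, SAMPLE_CHAIN);
}

// Hop 0 and hop 1 (same host) carry all headers; hop 2 (different host)
// carries only Accept.
console.log(JSON.stringify(demo(), null, 2));
```

The check is deliberately conservative: a port change or an https-to-http downgrade counts as a new authority even when the hostname is unchanged, which is the safer default for a proxy or HTTP client that forwards credentials automatically.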

Attachments

Timeline

KUR submitted the ticket. October 18, 2024 (a month ago)
Dona MANAGER changed the status from 'Submitted' to 'In progress'. October 21, 2024 (a month ago)
Dona MANAGER left a comment. October 22, 2024 (a month ago)

Hello, KUR.
I'm Donna.

The ticket you reported is a report that only suggests the possibility of exploitation.
Therefore, since it is not a vulnerability, we will terminate it.

Dona MANAGER left a comment. October 22, 2024 (a month ago)

To add some explanation:
This is not a BugCamp vulnerability specified in asset scope. So it ends up being “out of bounds”.
Thank you.

Dona MANAGER changed the severity from 'Medium' to 'None'. October 22, 2024 (a month ago)
Dona MANAGER changed the status from 'In progress' to 'Closed (out of scope)'. October 22, 2024 (a month ago)
Dona MANAGER changed the visibility from 'Private' to 'Public'. October 22, 2024 (a month ago)