CVE-2022-46170

CVSS v3 8.6 HIGH

8.6^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 4.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

C

odeIgniter is a PHP full-stack web framework. When an application uses (1) multiple session cookies (e.g., one for user pages and one for admin pages) and (2) a session handler is set to `DatabaseHandler`, `MemcachedHandler`, or `RedisHandler`, then if an attacker gets one session cookie (e.g., one for user pages), they may be able to access pages that require another session cookie (e.g., for admin pages). This issue has been patched, please upgrade to version 4.2.11 or later. As a workaround, use only one session cookie.

References

Link	Resource
https://github.com/codeigniter4/CodeIgniter4/commit/f9fb6574fbeb5a4aa63f7ea87296523e10db9328	Patch Third Party Advisory
https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-6cq5-8cj7-g558	Third Party Advisory
https://github.com/codeigniter4/CodeIgniter4/commit/f9fb6574fbeb5a4aa63f7ea87296523e10db9328	Patch Third Party Advisory
https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-6cq5-8cj7-g558	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:codeigniter:codeigniter:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:30

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~9.8~~	v2 : unknown v3 : 8.6
References	~~() https://github.com/codeigniter4/CodeIgniter4/commit/f9fb6574fbeb5a4aa63f7ea87296523e10db9328 - Patch, Third Party Advisory~~	() https://github.com/codeigniter4/CodeIgniter4/commit/f9fb6574fbeb5a4aa63f7ea87296523e10db9328 - Patch, Third Party Advisory
References	~~() https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-6cq5-8cj7-g558 - Third Party Advisory~~	() https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-6cq5-8cj7-g558 - Third Party Advisory

Information

Published : 2022-12-22 19:15

Updated : 2024-11-21 07:30

NVD link : CVE-2022-46170

Mitre link : CVE-2022-46170

CVE.ORG link : CVE-2022-46170

JSON object : View

Products Affected

codeigniter

codeigniter

CWE

CWE-287

Improper Authentication

{"id": "CVE-2022-46170", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 4.7, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2022-12-22T19:15:09.223", "references": [{"url": "https://github.com/codeigniter4/CodeIgniter4/commit/f9fb6574fbeb5a4aa63f7ea87296523e10db9328", "tags": ["Patch", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-6cq5-8cj7-g558", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "https://github.com/codeigniter4/CodeIgniter4/commit/f9fb6574fbeb5a4aa63f7ea87296523e10db9328", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-6cq5-8cj7-g558", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "CodeIgniter is a PHP full-stack web framework. When an application uses (1) multiple session cookies (e.g., one for user pages and one for admin pages) and (2) a session handler is set to `DatabaseHandler`, `MemcachedHandler`, or `RedisHandler`, then if an attacker gets one session cookie (e.g., one for user pages), they may be able to access pages that require another session cookie (e.g., for admin pages). This issue has been patched, please upgrade to version 4.2.11 or later. As a workaround, use only one session cookie."}, {"lang": "es", "value": "CodeIgniter es un framework web PHP full-stack. Cuando una aplicaci\u00f3n utiliza (1) m\u00faltiples cookies de sesi\u00f3n (por ejemplo, una para p\u00e1ginas de usuario y otra para p\u00e1ginas de administraci\u00f3n) y (2) un controlador de sesi\u00f3n est\u00e1 configurado en `DatabaseHandler`, `MemcachedHandler` o `RedisHandler`, entonces, si un atacante obtiene una cookie de sesi\u00f3n (por ejemplo, una para p\u00e1ginas de usuario), es posible que pueda acceder a p\u00e1ginas que requieren otra cookie de sesi\u00f3n (por ejemplo, para p\u00e1ginas de administraci\u00f3n). Este problema ha sido solucionado; actualice a la versi\u00f3n 4.2.11 o posterior. Como soluci\u00f3n alternativa, utilice solo una cookie de sesi\u00f3n."}], "lastModified": "2024-11-21T07:30:15.103", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:codeigniter:codeigniter:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E8EEE4F-3F8A-4CC9-9501-87DD6F0FF2B2", "versionEndExcluding": "4.2.11", "versionStartIncluding": "4.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}