CVE-2023-34050

CVSS v3 5.0 MEDIUM

5.0^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.7 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact HIGH

Scope UNCHANGED

In spring AMQP versions 1.0.0 to 2.4.16 and 3.0.0 to 3.0.9 , allowed list patterns for deserializable class names were added to Spring AMQP, allowing users to lock down deserialization of data in messages from untrusted sources; however by default, when no allowed list was provided, all classes could be deserialized. Specifically, an application is vulnerable if * the SimpleMessageConverter or SerializerMessageConverter is used * the user does not configure allowed list patterns * untrusted message originators gain permissions to write messages to the RabbitMQ broker to send malicious content

References

Link	Resource
https://spring.io/security/cve-2023-34050	Mitigation Vendor Advisory
https://spring.io/security/cve-2023-34050	Mitigation Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:vmware:spring_advanced_message_queuing_protocol::::::::
	cpe:2.3:a:vmware:spring_advanced_message_queuing_protocol::::::::

History

21 Nov 2024, 08:06

Type	Values Removed	Values Added
References	~~() https://spring.io/security/cve-2023-34050 - Mitigation, Vendor Advisory~~	() https://spring.io/security/cve-2023-34050 - Mitigation, Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~4.3~~	v2 : unknown v3 : 5.0

Information

Published : 2023-10-19 08:15

Updated : 2024-11-21 08:06

NVD link : CVE-2023-34050

Mitre link : CVE-2023-34050

CVE.ORG link : CVE-2023-34050

JSON object : View

Products Affected

spring_advanced_message_queuing_protocol

CWE

CWE-502

Deserialization of Untrusted Data

{"id": "CVE-2023-34050", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.0, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 4.2, "exploitabilityScore": 0.7}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2023-10-19T08:15:08.357", "references": [{"url": "https://spring.io/security/cve-2023-34050", "tags": ["Mitigation", "Vendor Advisory"], "source": "[email protected]"}, {"url": "https://spring.io/security/cve-2023-34050", "tags": ["Mitigation", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-502"}]}], "descriptions": [{"lang": "en", "value": "\n\n\n\n\n\n\n\n\n\nIn spring AMQP versions 1.0.0 to\n2.4.16 and 3.0.0 to 3.0.9 , allowed list patterns for deserializable class\nnames were added to Spring AMQP, allowing users to lock down deserialization of\ndata in messages from untrusted sources; however by default, when no allowed\nlist was provided, all classes could be deserialized.\n\n\n\nSpecifically, an application is\nvulnerable if\n\n\n\n\n * the\n SimpleMessageConverter or SerializerMessageConverter is used\n\n * the user\n does not configure allowed list patterns\n\n * untrusted\n message originators gain permissions to write messages to the RabbitMQ\n broker to send malicious content\n\n\n\n\n\n\n\n\n\n"}, {"lang": "es", "value": "En las versiones Spring AMQP 1.0.0 a 2.4.16 y 3.0.0 a 3.0.9, se agregaron a Spring AMQP patrones de listas permitidas para nombres de clases deserializables, lo que permite a los usuarios bloquear la deserializaci\u00f3n de datos en mensajes de fuentes no confiables; sin embargo, de forma predeterminada, cuando no se proporcionaba una lista permitida, se pod\u00edan deserializar todas las clases. Espec\u00edficamente, una aplicaci\u00f3n es vulnerable si * se utiliza SimpleMessageConverter o SerializerMessageConverter * el usuario no configura los patrones de lista permitidos * los originadores de mensajes que no son de confianza obtienen permisos para escribir mensajes al agente RabbitMQ para enviar contenido malicioso"}], "lastModified": "2024-11-21T08:06:28.600", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:vmware:spring_advanced_message_queuing_protocol:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4750D156-5059-46DE-A787-62DA3319F372", "versionEndExcluding": "2.4.16", "versionStartIncluding": "1.0.0"}, {"criteria": "cpe:2.3:a:vmware:spring_advanced_message_queuing_protocol:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D7E11342-A840-4A93-822A-2DAC86B9D4A5", "versionEndExcluding": "3.0.9", "versionStartIncluding": "3.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}