simplycubed / terraform-google-static-assets

Modules for managing static assets (CSS, JS, images) in GCP
https://simplycubed.com
Apache License 2.0

CVE-2022-3172 (Medium) detected in k8s.io/Apimachinery-v0.24.2 - autoclosed #47

Closed mend-bolt-for-github[bot] closed 1 year ago

mend-bolt-for-github[bot] commented 1 year ago

CVE-2022-3172 - Medium Severity Vulnerability

Vulnerable Library - k8s.io/Apimachinery-v0.24.2


Library home page: https://proxy.golang.org/k8s.io/apimachinery/@v/v0.24.2.zip

Dependency Hierarchy:

- github.com/gruntwork-io/terratest-v0.40.17 (Root Library)
  - :x: **k8s.io/Apimachinery-v0.24.2** (Vulnerable Library)

Found in HEAD commit: 2914fa084ecd9aa53a35893c1257afce94fb4df3

Found in base branch: master

Vulnerability Details

A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This issue leads to the client performing unexpected actions and forwarding the client's API server credentials to third parties

Publish Date: 2022-09-10

URL: CVE-2022-3172

CVSS 3 Score Details (5.1)

Base Score Metrics:

- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: High
  - Privileges Required: High
  - User Interaction: Required
  - Scope: Changed
- Impact Metrics:
  - Confidentiality Impact: Low
  - Integrity Impact: Low
  - Availability Impact: Low

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Release Date: 2022-09-10

Fix Resolution: v0.25.1,kubernetes-1.22.14,kubernetes-1.23.11,kubernetes-1.24.5,kubernetes-1.25.1


Step up your Open Source Security Game with Mend here

secureflag-knowledge-base[bot] commented 1 year ago

Open Redirect

Play Labs on this vulnerability with SecureFlag!

Start Open Redirect Lab [![](https://public-assets.secureflag.com/images/sf-play.svg)](https://www.secureflag.com/go.html?type=search&q=Open%20Redirect)

Description

Open Redirects, otherwise known as Unvalidated Redirects and Forwards, are a class of vulnerability made possible when a web application, comprised of insufficient input-validation controls, is manipulated into redirecting unwitting users of the application to a malicious, attacker-controlled URL.

This type of exploit is popular with criminals involved in phishing and credential theft, unsurprising given the false layer of trust attributed to the fact that the modified link and the original site share the same server name.

## Impact

There are many overlapping techniques criminals employ to dupe unwitting victims into handing over their hard-earned cash. One of these methods is undoubtedly betting on the misplaced trust many of us place in familiar server names. This [write-up](https://nakedsecurity.sophos.com/2020/05/15/how-scammers-abuse-google-searchs-open-redirect-feature/) exemplifies how even the most arguably well-known URL of all, `https://www.google.com`, can be taken advantage of via its redirection facility. In addition, Open Redirect vulnerabilities can:

- Lead to Cross-Site Scripting (XSS) attacks if the redirect uses *data:* or *javascript:* protocols;
- Potentially circumvent Server-Side Request Forgery (SSRF) filters;
- Nullify allow list effectiveness in some cases to bypass Content Security Policy (CSP);
- Lead to Carriage Return and Line Feed (CRLF) attacks if line breaks are present in the destination parameter.

## Scenarios

As outlined above, attackers often use this attack as it 'hijacks' the trust users place in a well-known URL. Here's a topical example from 2021; if the target domain is `www.covidvaccinations.com`, an attacker might craft the following URL:

```
http://www.covidvaccinations.com/redirect.php?url=http://attackerwebsite.com
```

Attackers send links like the one above in phishing campaigns in the hopes that they will lure a victim into clicking on the link.

## Prevention

The following measures can be applied to either eliminate or drastically reduce the potential for Open Redirect exploitation:

- If they aren't necessary, don't use redirects and forwards!
- In cases where they are required, do not allow the URL as user input for the destination;
- When user input is unavoidable, validate the supplied value, its appropriateness for the application, and ensure it is authorized for the user:
  - This can be a fiddly task, so closely adhere to best practices and ensure continued maintenance.
- If possible, force the user to provide an ID or token that is mapped server-side to a complete target URL;
- Input sanitization should be implemented by creating an allow list of trusted URLs determined by host or regex.

## Testing

Verify that URL redirects and forwards only allow destinations which appear on an allow list, or show a warning when redirecting to potentially untrusted content.

- **OWASP ASVS**: [5.1.5](https://github.com/OWASP/ASVS/releases/download/v4.0.2_release/OWASP.Application.Security.Verification.Standard.4.0.2-en.pdf)

[View this in the SecureFlag Knowledge Base](https://knowledge-base.secureflag.com/vulnerabilities/unvalidated_redirects_forwards/open_redirect_vulnerability.html)
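The two prevention measures above (host allow list, and a server-side token mapped to a full URL) as an added Go example; this is not code from the SecureFlag knowledge base or from this repository, and the host names, token table and function names are constructed for illustration:

```go
package main

import (
	"net/url"
	"strings"
)

// Constructed allow list of hosts this site may redirect to (example values).
var allowedHosts = map[string]bool{
	"www.covidvaccinations.com":      true,
	"accounts.covidvaccinations.com": true,
}

// Constructed token map: the client sends "next=booking", never a URL.
var redirectTokens = map[string]string{
	"booking": "https://www.covidvaccinations.com/book",
	"faq":     "/faq",
}

// SafeRedirectTarget accepts a same-site relative path or an absolute http(s)
// URL whose host is on the allow list. It rejects javascript:/data: schemes,
// scheme-relative "//host" and "/\host", userinfo tricks ("allowed@evil"),
// non-listed ports and CR/LF, and returns the re-serialised URL, not raw input.
func SafeRedirectTarget(raw string) (string, bool) {
	if strings.ContainsAny(raw, "\r\n\t\x00") { // header-injection guard
		return "", false
	}
	u, err := url.Parse(raw)
	if err != nil || u.User != nil {
		return "", false
	}
	switch u.Scheme { // url.Parse already lower-cases the scheme
	case "":
		if u.Host == "" && strings.HasPrefix(u.Path, "/") &&
			!strings.HasPrefix(u.Path, "//") && !strings.HasPrefix(u.Path, "/\\") {
			return u.String(), true
		}
	case "http", "https":
		if allowedHosts[strings.ToLower(u.Host)] { // u.Host keeps any port
			return u.String(), true
		}
	}
	return "", false
}

// ResolveRedirectToken is the "ID mapped server-side" alternative.
func ResolveRedirectToken(token string) (string, bool) {
	dst, ok := redirectTokens[token]
	return dst, ok
}
```

A handler would call one of these and fall back to "/" on a false result rather than echoing the rejected input in the Location header.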
mend-bolt-for-github[bot] commented 1 year ago

:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.