Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS01aG04LXZoNnItMmNqcc4AAuFp

CodeIgniter Shield Vulnerable to SameSite Attackers Bypassing the CSRF Protection

Impact

This vulnerability may allow SameSite Attackers to bypass the CodeIgniter4 CSRF protection mechanism with CodeIgniter Shield.

For this attack to succeed, the attacker must have direct (or indirect, e.g., XSS) control over a subdomain site (e.g., https://a.example.com/) of the target site (e.g., http://example.com/).

This vulnerability exists whether Config\Security::$csrfProtection is 'cookie' or 'session'.
It is also exploitable whether Config\Security::$regenerate is true or false.

Patches

Upgrade to CodeIgniter v4.2.3 or later and Shield v1.0.0-beta.2 or later.

Workarounds

Do all of the following:

References

For more information

If you have any questions or comments about this advisory:

Permalink: https://github.com/advisories/GHSA-5hm8-vh6r-2cjq
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS01aG04LXZoNnItMmNqcc4AAuFp
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 1 year ago
Updated: about 1 year ago


CVSS Score: 5.9
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:L

Identifiers: GHSA-5hm8-vh6r-2cjq, CVE-2022-35943
References: Repository: https://github.com/codeigniter4/shield
Blast Radius: 9.1

Affected Packages

packagist:codeigniter4/shield
Dependent packages: 7
Dependent repositories: 35
Downloads: 102,692 total
Affected Version Ranges: = 1.0.0-beta
Fixed in: 1.0.0-beta.2
All affected versions: 1.0.0-beta
All unaffected versions: 1.0.0, 1.0.1, 1.0.2, 1.0.3