CVE-2023-46749 - Vulnerability Details - OpenCVE

Apache Shiro before 1.13.0 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+, or ensure `blockSemicolon` is enabled (this is the default).

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apache	Shiro
Redhat	Jboss Fuse

Configuration 1 [-]

OR	cpe:2.3:a:apache:shiro::::::::
	cpe:2.3:a:apache:shiro:2.0.0:alpha1::::::
	cpe:2.3:a:apache:shiro:2.0.0:alpha2::::::
	cpe:2.3:a:apache:shiro:2.0.0:alpha3::::::

Package	CPE	Advisory	Released Date
Red Hat Fuse 7.13.0
shiro	cpe:/a:redhat:jboss_fuse:7	RHSA-2024:3354	2024-05-23T00:00:00Z

References

Link	Providers
https://lists.apache.org/thread/mdv7ftz7k4488rzloxo2fb0p9shnp9wm
https://nvd.nist.gov/vuln/detail/CVE-2023-46749
https://www.cve.org/CVERecord?id=CVE-2023-46749

History

No history.

MITRE

Status: PUBLISHED

Assigner: apache

Published: 2024-01-15T09:57:31.613Z

Updated: 2024-08-02T20:53:21.049Z

Reserved: 2023-10-25T18:55:02.833Z

Link: CVE-2023-46749

Vulnrichment

No data.

NVD

Status : Modified

Published: 2024-01-15T10:15:26.380

Modified: 2024-11-21T08:29:13.427

Link: CVE-2023-46749

Redhat

Severity : Moderate

Publid Date: 2024-01-12T00:00:00Z

Links: CVE-2023-46749 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-46749", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2023-10-25T18:55:02.833Z", "datePublished": "2024-01-15T09:57:31.613Z", "dateUpdated": "2024-08-02T20:53:21.049Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Apache Shiro", "vendor": "Apache Software Foundation", "versions": [{"lessThan": "1.13.0", "status": "affected", "version": "0", "versionType": "semver"}, {"lessThan": "2.0.0-alpha-4", "status": "affected", "version": "2.0.0-alpha-1", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Apache Shiro before 1.13.0 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting <br><br><span style=\"background-color: rgb(255, 255, 255);\">Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+, or ensure `blockSemicolon` is enabled (this is the default).<br></span><br>"}], "value": "Apache Shiro before 1.13.0 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting \n\nMitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+, or ensure `blockSemicolon` is enabled (this is the default).\n\n"}], "metrics": [{"other": {"content": {"text": "low"}, "type": "Textual description of severity"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2024-01-20T10:01:32.470Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://lists.apache.org/thread/mdv7ftz7k4488rzloxo2fb0p9shnp9wm"}], "source": {"discovery": "UNKNOWN"}, "title": "Apache Shiro before 1.13.0 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting ", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T20:53:21.049Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.apache.org/thread/mdv7ftz7k4488rzloxo2fb0p9shnp9wm"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:shiro:*:*:*:*:*:*:*:*", "matchCriteriaId": "4506F25B-7525-4608-9541-2FA9A31C72BF", "versionEndExcluding": "1.13.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:shiro:2.0.0:alpha1:*:*:*:*:*:*", "matchCriteriaId": "27D6F919-851F-470D-A8E7-0F56C1EA16FC", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:shiro:2.0.0:alpha2:*:*:*:*:*:*", "matchCriteriaId": "A759179A-E4A9-4A6A-9CCB-5BB9CC73F7E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:shiro:2.0.0:alpha3:*:*:*:*:*:*", "matchCriteriaId": "637D39D2-0D98-4137-8D48-C6D8834E07B3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Apache Shiro before 1.13.0 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting \n\nMitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+, or ensure `blockSemicolon` is enabled (this is the default).\n\n"}, {"lang": "es", "value": "Apache Shiro anterior a 1.130 o 2.0.0-alpha-4 puede ser susceptible a un ataque de path traversal que da como resultado una omisi\u00f3n de autenticaci\u00f3n cuando se usa junto con path rewriting. Mitigaci\u00f3n: actualice a Apache Shiro 1.13.0+ o 2.0.0-alpha- 4+, o aseg\u00farese de que `blockSemicolon` est\u00e9 habilitado (este es el valor predeterminado)."}], "id": "CVE-2023-46749", "lastModified": "2024-11-21T08:29:13.427", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-01-15T10:15:26.380", "references": [{"source": "security@apache.org", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.apache.org/thread/mdv7ftz7k4488rzloxo2fb0p9shnp9wm"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.apache.org/thread/mdv7ftz7k4488rzloxo2fb0p9shnp9wm"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security@apache.org", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:3354", "cpe": "cpe:/a:redhat:jboss_fuse:7", "package": "shiro", "product_name": "Red Hat Fuse 7.13.0", "release_date": "2024-05-23T00:00:00Z"}], "bugzilla": {"description": "shiro: path traversal attack may lead to authentication bypass", "id": "2258134", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258134"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "status": "verified"}, "cwe": "CWE-22->CWE-288", "details": ["Apache Shiro before 1.13.0 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting \nMitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+, or ensure `blockSemicolon` is enabled (this is the default).", "A flaw was found in Apache Shiro, which may allow a path traversal attack. When this issue is combined with the path rewriting feature, it can lead to an authentication bypass."], "mitigation": {"lang": "en:us", "value": "This flaw can be mitigated by making sure 'blockSemicolon' is enabled."}, "name": "CVE-2023-46749", "package_state": [{"cpe": "cpe:/a:redhat:camel_spring_boot:3", "fix_state": "Out of support scope", "package_name": "shiro", "product_name": "Red Hat build of Apache Camel for Spring Boot 3"}, {"cpe": "cpe:/a:redhat:camel_spring_boot:4", "fix_state": "Not affected", "package_name": "shiro", "product_name": "Red Hat build of Apache Camel for Spring Boot 4"}, {"cpe": "cpe:/a:redhat:quarkus:3", "fix_state": "Not affected", "package_name": "org.apache.shiro/shiro-core", "product_name": "Red Hat build of Quarkus"}, {"cpe": "cpe:/a:redhat:integration:1", "fix_state": "Not affected", "package_name": "shiro", "product_name": "Red Hat Integration Camel K"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7", "fix_state": "Not affected", "package_name": "shiro-core", "product_name": "Red Hat JBoss Enterprise Application Platform 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "fix_state": "Not affected", "package_name": "shiro-core", "product_name": "Red Hat JBoss Enterprise Application Platform 8"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Not affected", "package_name": "shiro-core", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}], "public_date": "2024-01-12T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-46749\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-46749"], "threat_severity": "Moderate", "upstream_fix": "shiro 1.13.0, shiro 2.0.0-alpha-4"}