CVE-2021-32624

Keystone 5 is an open source CMS platform to build Node.js applications. This security advisory relates to a newly discovered capability in our query infrastructure to directly or indirectly expose the values of private fields, bypassing the configured access control. This is an access control related oracle attack in that the attack method guides an attacker during their attempt to reveal information they do not have access to. The complexity of completing the attack is limited by some length-dependent behaviors and the fidelity of the exposed information. Under some circumstances, field values or field value meta data can be determined, despite the field or list having `read` access control configured. If you use private fields or lists, you may be impacted. No patches exist at this time. There are no workarounds at this time

CVSS v3 5.3 MEDIUM
CVSS v2.0 3.5 LOW

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.6 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

3.5^/10

CVSS v2.0 : LOW

Vector : AV:N/AC:M/Au:S/C:P/I:N/A:N

Exploitability : 6.8 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://github.com/keystonejs/keystone-5/security/advisories/GHSA-27g8-r9vw-765x	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:keystonejs:keystone-5:*:*:*:*:*:node.js:*:*

History

28 May 2021, 16:16

Type	Values Removed	Values Added
CPE		cpe:2.3:a:keystonejs:keystone-5::::::node.js::*
CWE		CWE-200
References	~~(CONFIRM) https://github.com/keystonejs/keystone-5/security/advisories/GHSA-27g8-r9vw-765x -~~	(CONFIRM) https://github.com/keystonejs/keystone-5/security/advisories/GHSA-27g8-r9vw-765x - Third Party Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 3.5 v3 : 5.3

24 May 2021, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-05-24 17:15

Updated : 2024-02-04 21:47

NVD link : CVE-2021-32624

Mitre link : CVE-2021-32624

CVE.ORG link : CVE-2021-32624

JSON object : View

Products Affected

keystonejs

keystone-5

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2021-32624", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.6}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.6}]}, "published": "2021-05-24T17:15:07.427", "references": [{"url": "https://github.com/keystonejs/keystone-5/security/advisories/GHSA-27g8-r9vw-765x", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}, {"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "Keystone 5 is an open source CMS platform to build Node.js applications. This security advisory relates to a newly discovered capability in our query infrastructure to directly or indirectly expose the values of private fields, bypassing the configured access control. This is an access control related oracle attack in that the attack method guides an attacker during their attempt to reveal information they do not have access to. The complexity of completing the attack is limited by some length-dependent behaviors and the fidelity of the exposed information. Under some circumstances, field values or field value meta data can be determined, despite the field or list having `read` access control configured. If you use private fields or lists, you may be impacted. No patches exist at this time. There are no workarounds at this time"}, {"lang": "es", "value": "Keystone versi\u00f3n 5 es una plataforma CMS de c\u00f3digo abierto para crear aplicaciones Node.js. Este aviso de seguridad se relaciona con una capacidad reci\u00e9n descubierta en nuestra infraestructura de consultas para exponer directa o indirectamente los valores de los campos privados, omitiendo el control de acceso configurado. Este es un ataque de Oracle relacionado con el control de acceso en el sentido de que el m\u00e9todo de ataque gu\u00eda al atacante durante su intento de revelar informaci\u00f3n a la que no presenta acceso. La complejidad de completar el ataque est\u00e1 limitada por algunos comportamientos que dependen de la longitud y la fidelidad de la informaci\u00f3n expuesta. En algunas circunstancias, se pueden determinar valores de campo o metadatos de valor de campo, a pesar de que el campo o la lista tenga configurado el control de acceso de \"read\". Si usa campos o listas privados, puede verse afectado. No presentan parches en este momento. No se presentan soluciones alternativas en este momento"}], "lastModified": "2021-05-28T16:16:10.020", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:keystonejs:keystone-5:*:*:*:*:*:node.js:*:*", "vulnerable": true, "matchCriteriaId": "8BA6E8F5-DB54-4D81-A85D-793A176E73A4", "versionEndIncluding": "19.3.2"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}