// For flags

CVE-2021-31404

Timing side channel vulnerability in UIDL request handler in Vaadin 10, 11-14, and 15-18

Severity Score

2.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Non-constant-time comparison of CSRF tokens in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.13 (Vaadin 10.0.0 through 10.0.16), 1.1.0 prior to 2.0.0 (Vaadin 11 prior to 14), 2.0.0 through 2.4.6 (Vaadin 14.0.0 through 14.4.6), 3.0.0 prior to 5.0.0 (Vaadin 15 prior to 18), and 5.0.0 through 5.0.2 (Vaadin 18.0.0 through 18.0.5) allows attacker to guess a security token via timing attack.

La comparación non-constant-time de tokens CSRF en el manejador de peticiones UIDL en com.vaadin:flow-server versiones 1.0.0 hasta 1.0.13 (Vaadin versiones 10.0.0 hasta 10.0.16), versiones 1.1.0 anteriores a 2.0.0 (Vaadin versiones 11 anteriores a 14), versiones 2.0.0 hasta 2.4.6 (Vaadin versiones 14.0.0 hasta 14.4.6), versiones 3.0.0 anteriores a 5.0.0 (Vaadin versiones 15 anteriores a 18) y versiones 5.0.0 hasta 5.0.2 (Vaadin versiones 18.0.0 hasta 18.0.5), permite al atacante adivinar un token de seguridad por medio de un ataque de sincronización

*Credits: This issue was discovered and responsibly reported by Xhelal Likaj.
CVSS Scores
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None
Attack Vector
Local
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None
Attack Vector
Local
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2021-04-15 CVE Reserved
  • 2021-04-23 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-09-16 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-203: Observable Discrepancy
  • CWE-208: Observable Timing Discrepancy
CAPEC
References (2)
URL Tag Source
URL Date SRC
URL Date SRC
https://github.com/vaadin/flow/pull/9875 2021-04-30
URL Date SRC
https://vaadin.com/security/cve-2021-31404 2021-04-30
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Vaadin
Search vendor "Vaadin"
 Flow
Search vendor "Vaadin" for product "Flow"
 >= 1.0.0 < 1.0.14
Search vendor "Vaadin" for product "Flow" and version " >= 1.0.0 < 1.0.14"
-
Affected
Vaadin
Search vendor "Vaadin"
 Flow
Search vendor "Vaadin" for product "Flow"
 >= 1.1.0 < 2.0.0
Search vendor "Vaadin" for product "Flow" and version " >= 1.1.0 < 2.0.0"
-
Affected
Vaadin
Search vendor "Vaadin"
 Flow
Search vendor "Vaadin" for product "Flow"
 >= 2.0.0 < 2.4.7
Search vendor "Vaadin" for product "Flow" and version " >= 2.0.0 < 2.4.7"
-
Affected
Vaadin
Search vendor "Vaadin"
 Flow
Search vendor "Vaadin" for product "Flow"
 >= 3.0.0 < 5.0.0
Search vendor "Vaadin" for product "Flow" and version " >= 3.0.0 < 5.0.0"
-
Affected
Vaadin
Search vendor "Vaadin"
 Flow
Search vendor "Vaadin" for product "Flow"
 >= 5.0.0 < 5.0.3
Search vendor "Vaadin" for product "Flow" and version " >= 5.0.0 < 5.0.3"
-
Affected
Vaadin
Search vendor "Vaadin"
 Vaadin
Search vendor "Vaadin" for product "Vaadin"
 >= 10.0.0 < 10.0.17
Search vendor "Vaadin" for product "Vaadin" and version " >= 10.0.0 < 10.0.17"
-
Affected
Vaadin
Search vendor "Vaadin"
 Vaadin
Search vendor "Vaadin" for product "Vaadin"
 >= 11.0.0 < 14.0.0
Search vendor "Vaadin" for product "Vaadin" and version " >= 11.0.0 < 14.0.0"
-
Affected
Vaadin
Search vendor "Vaadin"
 Vaadin
Search vendor "Vaadin" for product "Vaadin"
 >= 14.0.0 < 14.4.7
Search vendor "Vaadin" for product "Vaadin" and version " >= 14.0.0 < 14.4.7"
-
Affected
Vaadin
Search vendor "Vaadin"
 Vaadin
Search vendor "Vaadin" for product "Vaadin"
 >= 15.0.0 < 17.0.0
Search vendor "Vaadin" for product "Vaadin" and version " >= 15.0.0 < 17.0.0"
-
Affected
Vaadin
Search vendor "Vaadin"
 Vaadin
Search vendor "Vaadin" for product "Vaadin"
 >= 18.0.0 < 18.0.6
Search vendor "Vaadin" for product "Vaadin" and version " >= 18.0.0 < 18.0.6"
-
Affected