// For flags

CVE-2021-31406

Timing side channel vulnerability in endpoint request handler in Vaadin 15-19

Severity Score

2.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Non-constant-time comparison of CSRF tokens in endpoint request handler in com.vaadin:flow-server versions 3.0.0 through 5.0.3 (Vaadin 15.0.0 through 18.0.6), and com.vaadin:fusion-endpoint version 6.0.0 (Vaadin 19.0.0) allows attacker to guess a security token for Fusion endpoints via timing attack.

La comparación non-constant-time de tokens CSRF en el manejador de peticiones de endpoint en com.vaadin:flow-server versiones 3.0.0 hasta 5.0.3 (Vaadin versiones 15.0.0 hasta 18.0.6) y com.vaadin:fusion-endpoint versión 6.0.0 (Vaadin versión 19.0.0), permite al atacante adivinar un token de seguridad para los endpoints de Fusion por medio de un ataque de sincronización

*Credits: This issue was discovered and responsibly reported by Xhelal Likaj.
CVSS Scores
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None
Attack Vector
Local
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None
Attack Vector
Local
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2021-04-15 CVE Reserved
  • 2021-04-23 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-09-17 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-203: Observable Discrepancy
  • CWE-208: Observable Timing Discrepancy
CAPEC
References (2)
URL Tag Source
URL Date SRC
URL Date SRC
https://github.com/vaadin/flow/pull/10157 2021-04-30
URL Date SRC
https://vaadin.com/security/cve-2021-31406 2021-04-30
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Vaadin
Search vendor "Vaadin"
 Flow
Search vendor "Vaadin" for product "Flow"
 >= 3.0.0 < 5.0.4
Search vendor "Vaadin" for product "Flow" and version " >= 3.0.0 < 5.0.4"
-
Affected
Vaadin
Search vendor "Vaadin"
 Flow
Search vendor "Vaadin" for product "Flow"
 6.0.0
Search vendor "Vaadin" for product "Flow" and version "6.0.0"
-
Affected
Vaadin
Search vendor "Vaadin"
 Vaadin
Search vendor "Vaadin" for product "Vaadin"
 >= 15.0.0 < 18.0.7
Search vendor "Vaadin" for product "Vaadin" and version " >= 15.0.0 < 18.0.7"
-
Affected
Vaadin
Search vendor "Vaadin"
 Vaadin
Search vendor "Vaadin" for product "Vaadin"
 19.0.0
Search vendor "Vaadin" for product "Vaadin" and version "19.0.0"
-
Affected