CVE-2021-32624
Private Field data leak
Public Exploits: 0
Exploited in Wild: -
Descriptions
Keystone 5 is an open source CMS platform to build Node.js applications. This security advisory relates to a newly discovered capability in our query infrastructure to directly or indirectly expose the values of private fields, bypassing the configured access control. This is an access control related oracle attack in that the attack method guides an attacker during their attempt to reveal information they do not have access to. The complexity of completing the attack is limited by some length-dependent behaviors and the fidelity of the exposed information. Under some circumstances, field values or field value metadata can be determined, despite the field or list having `read` access control configured. If you use private fields or lists, you may be impacted. No patches exist at this time. There are no workarounds at this time.
Timeline
- 2021-05-12 CVE Reserved
- 2021-05-24 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
References (1)
URL | Tag | Source |
---|---|---|
https://github.com/keystonejs/keystone-5/security/advisories/GHSA-27g8-r9vw-765x | Third Party Advisory |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Keystonejs | Keystone-5 | <= 19.3.2 | node.js | Affected |