CVE-2022-35943
SameSite may allow cross-site request forgery (CSRF) protection to be bypassed
Public Exploits: 1
Exploited in Wild: -
Descriptions
Shield is an authentication and authorization framework for CodeIgniter 4. This vulnerability may allow [SameSite Attackers](https://canitakeyoursubdomain.name/) to bypass the [CodeIgniter4 CSRF protection](https://codeigniter4.github.io/userguide/libraries/security.html) mechanism when it is used with CodeIgniter Shield. For the attack to succeed, the attacker must have direct (or indirect, e.g., via XSS) control over a subdomain (e.g., `https://a.example.com/`) of the target site (e.g., `http://example.com/`). A page on such a subdomain is same-site with the target, so `SameSite` cookie attributes do not restrict it, and it can set cookies scoped to the parent domain (`Domain=example.com`), such as the CSRF token cookie or the session cookie, which the browser then sends to the target; with cookie-based CSRF protection that is enough to plant a token the attacker knows. Upgrade to **CodeIgniter v4.2.3 or later** and **Shield v1.0.0-beta.2 or later**. As a workaround: set `Config\Security::$csrfProtection` to `'session'`, remove old session data right after login (immediately after the ID and password match), and regenerate the CSRF token right after login (immediately after the ID and password match).
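The workaround above, as an added illustration that is not code from the CodeIgniter or Shield projects: the `app/Config/Security.php` setting that moves CSRF token storage from the cookie into the session, followed by a hypothetical login controller that discards the pre-login session and regenerates the CSRF token immediately after the credentials match. It assumes CodeIgniter 4's `session()` helper and `Services::security()`, that `Security::generateHash()` is callable (it is public from CodeIgniter 4.2.3; on older releases check the installed `system/Security/Security.php`), and Shield's Session authenticator API as used here (`auth()->check()`, `Result::extraInfo()`, `auth()->login()`); verify those names against the installed versions. The controller and route names are invented for the example.

```php
<?php
// Added example (not code from the CodeIgniter or Shield projects) showing the
// advisory's workaround for installations that cannot upgrade yet.
//
// Part 1: app/Config/Security.php. Only the properties that matter are shown;
// keep the rest of the generated config file as it is.

namespace Config;

use CodeIgniter\Config\BaseConfig;

class Security extends BaseConfig
{
    // Weak setting: 'cookie' keeps the CSRF token in a cookie and verifies a
    // request by comparing the submitted token with that cookie. A page on
    // a.example.com can set Domain=example.com cookies that the browser sends
    // to example.com, and SameSite does not block them (they are same-site).
    // public $csrfProtection = 'cookie';

    // Corrected setting: the token lives server-side in the session.
    public $csrfProtection = 'session';

    // Regenerate the token on every request.
    public $regenerate = true;

    // Session key holding the token, kept at the framework default.
    public $tokenName = 'csrf_test_name';
}

// Part 2: a hypothetical login controller (App\Controllers\LoginController).
// Assumes CodeIgniter 4's session() helper, Services::security(), and Shield's
// Session authenticator API: auth()->check(), Result::extraInfo(), auth()->login().

namespace App\Controllers;

use CodeIgniter\Controller;
use Config\Services;

class LoginController extends Controller
{
    public function attempt()
    {
        // 1. Verify the credentials without creating the login session yet.
        $result = auth()->check([
            'email'    => $this->request->getPost('email'),
            'password' => $this->request->getPost('password'),
        ]);

        if (! $result->isOK()) {
            return redirect()->back()->with('error', $result->reason());
        }

        // 2. Immediately after the ID and password matched, discard everything
        //    the pre-login session held. Even in 'session' mode the attacker's
        //    subdomain can plant the session cookie itself (fixation), so any
        //    CSRF token that session carried must not survive the login.
        $session = session();
        $session->remove(array_keys($session->get())); // get() with no key returns all user data
        $session->regenerate(true);                    // new session ID, old storage destroyed

        // 3. Issue a fresh CSRF token bound to the new session so that no token
        //    observed before login verifies afterwards. generateHash() is public
        //    from CodeIgniter 4.2.3; on older releases confirm it is reachable.
        Services::security()->generateHash();

        // 4. Only now establish the authenticated session.
        auth()->login($result->extraInfo());

        return redirect()->to('/');
    }
}
```

Switching to `'session'` alone is not sufficient: because the subdomain can also set the session cookie, a token created in a session the attacker prepared would still verify after login unless that session's data is dropped and the token regenerated, which is why the advisory lists all three steps together.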
CVSS Scores
SSVC
- Decision: -
Timeline
- 2022-07-15 CVE Reserved
- 2022-08-12 CVE Published
- 2024-04-02 EPSS Updated
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
References (4)
URL | Tag | Source
---|---|---
https://codeigniter4.github.io/userguide/libraries/security.htm | Broken Link |
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite | Third Party Advisory |
https://jub0bs.com/posts/2021-01-29-great-samesite-confusion | Third Party Advisory |

URL | Date | SRC
---|---|---
https://github.com/codeigniter4/shield/security/advisories/GHSA-5hm8-vh6r-2cjq | 2024-08-03 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Codeigniter | Codeigniter | < 4.2.3 | - | Affected
Codeigniter | Shield | 1.0.0 | beta | Affected