CVE-2022-46170

CodeIgniter is vulnerable to improper authentication via Session Handlers

Severity Score

9.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

CodeIgniter is a PHP full-stack web framework. When an application uses (1) multiple session cookies (e.g., one for user pages and one for admin pages) and (2) a session handler is set to `DatabaseHandler`, `MemcachedHandler`, or `RedisHandler`, then if an attacker gets one session cookie (e.g., one for user pages), they may be able to access pages that require another session cookie (e.g., for admin pages). This issue has been patched, please upgrade to version 4.2.11 or later. As a workaround, use only one session cookie.

CodeIgniter es un framework web PHP full-stack. Cuando una aplicación utiliza (1) múltiples cookies de sesión (por ejemplo, una para páginas de usuario y otra para páginas de administración) y (2) un controlador de sesión está configurado en `DatabaseHandler`, `MemcachedHandler` o `RedisHandler`, entonces, si un atacante obtiene una cookie de sesión (por ejemplo, una para páginas de usuario), es posible que pueda acceder a páginas que requieren otra cookie de sesión (por ejemplo, para páginas de administración). Este problema ha sido solucionado; actualice a la versión 4.2.11 o posterior. Como solución alternativa, utilice solo una cookie de sesión.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

Low

Availability

Low

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-11-28 CVE Reserved
2022-12-22 CVE Published
2024-07-14 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-287: Improper Authentication

CAPEC

References (2)

URL	Tag	Source
https://github.com/codeigniter4/CodeIgniter4/security/advisories/GHSA-6cq5-8cj7-g558	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
https://github.com/codeigniter4/CodeIgniter4/commit/f9fb6574fbeb5a4aa63f7ea87296523e10db9328	2023-11-07

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Codeigniter Search vendor "Codeigniter"		Codeigniter Search vendor "Codeigniter" for product "Codeigniter"				>= 4.0.0 < 4.2.11 Search vendor "Codeigniter" for product "Codeigniter" and version " >= 4.0.0 < 4.2.11"		-		Affected