Mirth Docker Container Version : 4.4.0
OS : RHEL 8.8
Server: Docker Engine - Community
 Engine:
  Version: 24.0.6
  API version: 1.43 (minimum version 1.12)
  Go version: go1.20.7
  Built: Mon Sep 4 12:32:10 2023
  OS/Arch: linux/amd64
  Experimental: false
 containerd:
  Version: 1.6.24
 runc:
  Version: 1.1.9
 docker-init:
  Version: 0.19.0
Output from Tenable.io
Path : /var/lib/docker/overlay2/56a86609a5c358b00335308a359f1488f072a6334a2581efff2500ec3ef757ee/diff/usr/lib/x86_64-linux-gnu/libcurl.so.4.7.0
Installed version : 7.81.0
Fixed version : 8.4.0
Path : /var/lib/docker/overlay2/538f1407aefec940f4e6545473576e2d6069d3eed266467b27bf384ccc67ad5d/merged/usr/lib/x86_64-linux-gnu/libcurl.so.4.7.0
Installed version : 7.81.0
Fixed version : 8.4.0
Description
The version of libcurl installed on the remote host is affected by a cookie injection vulnerability. This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met.
libcurl performs transfers. In its API, an application creates 'easy handles' that are the individual handles for single transfers.
libcurl provides a function call that duplicates an easy handle called curl_easy_duphandle.
If a transfer has cookies enabled when the handle is duplicated, the cookie-enable state is also cloned - but without cloning the actual cookies. If the source handle did not read any cookies from a specific file on disk, the cloned version of the handle would instead store the file name as none (using the four ASCII letters, no quotes).
Subsequent use of the cloned handle that does not explicitly set a source to load cookies from would then inadvertently load cookies from a file named none - if such a file exists and is readable in the current directory of the program using libcurl. And if using the correct file format of course.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Exploitability Information
EXPLOIT AVAILABLE: True
EXPLOIT EASE: Exploits are available
VPR Key Drivers
THREAT RECENCY: 1 to 7 days
THREAT INTENSITY: Very High
EXPLOIT CODE MATURITY: Proof of Concept
AGE OF VULN: days +
PRODUCT COVERAGE: UNKNOWN
CVSSV3 IMPACT SCORE: 1.4
THREAT SOURCES: Social Media
Risk Information
VULNERABILITY PRIORITY RATING (VPR): 2.9
RISK FACTOR: Medium
CVSS BASE SCORE: 4.3
CVSS TEMPORAL SCORE: 3.4
CVSS VECTOR: AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS TEMPORAL VECTOR: E:POC/RL:OF/RC:C
CVSS3 BASE SCORE: 5.3
CVSS3 TEMPORAL SCORE: 4.8
CVSS3 VECTOR: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVSS3 TEMPORAL VECTOR: E:P/RL:O/RC:C
IVAM SEVERITY: I
Vulnerability Information
VULN PUBLISHED: 10/10/2023 at 05:00 PM
EXPLOITABILITY
PATCH PUBLISHED: 10/10/2023 at 05:00 PM
CPE: cpe:/a:haxx:libcurl
Reference Information
CVE: CVE-2023-38546
IAVA: 2023-A-0531
Found using Tenable.io within FEDRAMP environment