CVE-2022-35943
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:L
Summary
Shield is an authentication and authorization framework for CodeIgniter 4. This vulnerability may allow SameSite Attackers to bypass the CodeIgniter4 CSRF protection mechanism with CodeIgniter Shield. For this attack to succeed, the attacker must have direct (or indirect, e.g., XSS) control over a subdomain site (e.g., https://a.example.com/) of the target site (e.g., http://example.com/). Upgrade to CodeIgniter v4.2.3 or later and Shield v1.0.0-beta.2 or later. As a workaround: set Config\Security::$csrfProtection to 'session,'remove old session data right after login (immediately after ID and password match) and regenerate CSRF token right after login (immediately after ID and password match)
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| codeigniter4 | shield | > 4.3.2, > v1.0.0-beta.2 | affected |
Weaknesses
- CWE-352: CWE-352: Cross-Site Request Forgery (CSRF)
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/codeigniter4/shield/security/advisories/GHSA-5hm8-vh6r-2cjq
- https://codeigniter4.github.io/userguide/libraries/security.htm
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
- https://jub0bs.com/posts/2021-01-29-great-samesite-confusion
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: partial
References
- https://github.com/codeigniter4/shield/security/advisories/GHSA-5hm8-vh6r-2cjq
- https://codeigniter4.github.io/userguide/libraries/security.htm
- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
- https://jub0bs.com/posts/2021-01-29-great-samesite-confusion
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.