Skip to main content

Revive Adserver CVE-2020-8142

MEDIUM
Incorrect Authorization (CWE-863)
2020-04-03 support@hackerone.com
6.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.8 MEDIUM
AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Physical
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Apr 03, 2020 - 21:15 nvd
MEDIUM 6.8

DescriptionNVD

A security restriction bypass vulnerability has been discovered in Revive Adserver version < 5.0.5 by HackerOne user hoangn144. Revive Adserver, like many other applications, requires the logged in user to type the current password in order to change the e-mail address or the password. It was however possible for anyone with access to a Revive Adserver admin user interface to bypass such check and change e-email address or password of the currently logged in user by altering the form payload.The attack requires physical access to the user interface of a logged in user. If the POST payload was altered by turning the “pwold” parameter into an array, Revive Adserver would fetch and authorise the operation even if no password was provided.

AnalysisAI

A security restriction bypass vulnerability has been discovered in Revive Adserver version < 5.0.5 by HackerOne user hoangn144. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Incorrect Authorization (CWE-863), which allows attackers to bypass authorization checks to access restricted resources. A security restriction bypass vulnerability has been discovered in Revive Adserver version < 5.0.5 by HackerOne user hoangn144. Revive Adserver, like many other applications, requires the logged in user to type the current password in order to change the e-mail address or the password. It was however possible for anyone with access to a Revive Adserver admin user interface to bypass such check and change e-email address or password of the currently logged in user by altering the form payload.The attack requires physical access to the user interface of a logged in user. If the POST payload was altered by turning the “pwold” parameter into an array, Revive Adserver would fetch and authorise the operation even if no password was provided. Affected products include: Revive-Adserver Revive Adserver.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Review and test authorization logic, implement consistent access control checks, use centralized authorization framework.

CVE-2019-5434 CRITICAL POC
9.8 May 06

An attacker could send a specifically crafted payload to the XML-RPC invocation script and trigger the unserialize() cal

CVE-2019-5440 HIGH POC
8.1 May 28

Use of cryptographically weak PRNG in the password recovery token generation of Revive Adserver < v4.2.1 causes a potent

CVE-2013-5954 MEDIUM POC
6.8 Apr 25

Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.11 and earlier allow remote attackers to hijack

CVE-2021-22948 HIGH POC
7.1 Sep 23

Vulnerability in the generation of session IDs in revive-adserver < 5.3.0, based on the cryptographically insecure uniqi

CVE-2017-5830 CRITICAL
9.8 Mar 03

Revive Adserver before 4.0.1 allows remote attackers to execute arbitrary code via serialized data in the cookies relate

CVE-2023-38040 MEDIUM POC
6.1 Sep 17

A reflected XSS vulnerability exists in Revive Adserver 5.4.1 and earlier versions.. Rated medium severity (CVSS 6.1), t

CVE-2021-22889 MEDIUM POC
6.1 Mar 25

Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the `statsBreakdown` parameter of stats.

CVE-2021-22888 MEDIUM POC
6.1 Mar 25

Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the `status` parameter of campaign-zone-

CVE-2021-22875 MEDIUM POC
6.1 Jan 28

Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerability in stats.php via the `setPerPage` parameter.

CVE-2021-22874 MEDIUM POC
6.1 Jan 28

Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerability in userlog-index.php via the `period_preset`

CVE-2021-22873 MEDIUM POC
6.1 Jan 26

Revive Adserver before 5.1.0 is vulnerable to open redirects via the `dest`, `oadest`, and/or `ct0` parameters of the lg

CVE-2021-22872 MEDIUM POC
6.1 Jan 26

Revive Adserver before 5.1.0 is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the publicly acce

Share

CVE-2020-8142 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy