CVE-2018-10966 Information

Description

An issue was discovered in GamerPolls 0.4.6 related to config/environments/all.js and config/initializers/02_passport.js. An attacker can edit the Passport.js contents of the session cookie to contain the ID number of the account they wish to take over and re-sign it using the hard coded secret.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Reference

https://github.com/GamerPolls/gamerpolls.com/blob/03ccbaf219410e0a45390d0efc12017f08a25282/config/environments/all.jsL58 https://github.com/GamerPolls/gamerpolls.com/pull/56 https://www.digitalinterruption.com/single-post/2018/06/04/Are-Your-Cookies-Telling-Your-Fortune

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

LOW

Base Severity

7.3