Vulnerability Details : CVE-2018-10966
Potential exploit
An issue was discovered in GamerPolls 0.4.6, related to config/environments/all.js and config/initializers/02_passport.js. An attacker can edit the Passport.js contents of the session cookie to contain the ID number of the account they wish to take over, and re-sign it using the hard coded secret.
Products affected by CVE-2018-10966
- cpe:2.3:a:gamerpolls:gamerpolls:0.4.6:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-10966
0.28%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 51 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-10966
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST | |
|
7.3
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
3.9
|
3.4
|
NIST |
CWE ids for CVE-2018-10966
-
The product contains hard-coded credentials, such as a password or cryptographic key.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-10966
-
https://github.com/GamerPolls/gamerpolls.com/blob/03ccbaf219410e0a45390d0efc12017f08a25282/config/environments/all.js#L58
gamerpolls.com/all.js at 03ccbaf219410e0a45390d0efc12017f08a25282 · GamerPolls/gamerpolls.com · GitHubPatch;Third Party Advisory
-
https://www.digitalinterruption.com/single-post/2018/06/04/Are-Your-Cookies-Telling-Your-Fortune
Page not found | Digital InterruptionExploit;Third Party Advisory
-
https://github.com/GamerPolls/gamerpolls.com/pull/56
Remove use of hard coded secret by rastating · Pull Request #56 · GamerPolls/gamerpolls.com · GitHubPatch;Third Party Advisory
Jump to