CVE-2019-8400 : ORY Hydra before v1.0.0-rc.3+oryOS.9 has Reflected XSS via the oauth2/fallbacks/

ORY Hydra before v1.0.0-rc.3+oryOS.9 has Reflected XSS via the oauth2/fallbacks/error error_hint parameter.

Published 2019-02-17 06:29:01

Updated 2019-02-20 15:48:16

Source MITRE

View at NVD, CVE.org

Vulnerability category: Cross site scripting (XSS)

Products affected by CVE-2019-8400

ORY » Hydra » Version: 0.11.7
cpe:2.3:a:ory:hydra:0.11.7:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.11.9
cpe:2.3:a:ory:hydra:0.11.9:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.11.10
cpe:2.3:a:ory:hydra:0.11.10:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.11.12
cpe:2.3:a:ory:hydra:0.11.12:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.1 Update Beta1
cpe:2.3:a:ory:hydra:0.1:beta1:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.1 Update Beta2
cpe:2.3:a:ory:hydra:0.1:beta2:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.1 Update Beta3
cpe:2.3:a:ory:hydra:0.1:beta3:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.1 Update Beta4
cpe:2.3:a:ory:hydra:0.1:beta4:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.2.0
cpe:2.3:a:ory:hydra:0.2.0:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.5.1
cpe:2.3:a:ory:hydra:0.5.1:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.5.2
cpe:2.3:a:ory:hydra:0.5.2:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.5.3
cpe:2.3:a:ory:hydra:0.5.3:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.5.4
cpe:2.3:a:ory:hydra:0.5.4:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.6.9
cpe:2.3:a:ory:hydra:0.6.9:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.6.10
cpe:2.3:a:ory:hydra:0.6.10:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.7.0
cpe:2.3:a:ory:hydra:0.7.0:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.7.1
cpe:2.3:a:ory:hydra:0.7.1:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.10.5
cpe:2.3:a:ory:hydra:0.10.5:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.10.7
cpe:2.3:a:ory:hydra:0.10.7:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.11.3
cpe:2.3:a:ory:hydra:0.11.3:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.11.6
cpe:2.3:a:ory:hydra:0.11.6:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.11.14
cpe:2.3:a:ory:hydra:0.11.14:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 1.0.0 Update Beta2
cpe:2.3:a:ory:hydra:1.0.0:beta2:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 1.0.0 Update Beta9
cpe:2.3:a:ory:hydra:1.0.0:beta9:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 1.0.0 Update RC2
cpe:2.3:a:ory:hydra:1.0.0:rc2:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.3.1
cpe:2.3:a:ory:hydra:0.3.1:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.4.1
cpe:2.3:a:ory:hydra:0.4.1:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.4.2 Update Alpha3
cpe:2.3:a:ory:hydra:0.4.2:alpha3:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.4.3
cpe:2.3:a:ory:hydra:0.4.3:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.5.6
cpe:2.3:a:ory:hydra:0.5.6:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.5.8
cpe:2.3:a:ory:hydra:0.5.8:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.6.6
cpe:2.3:a:ory:hydra:0.6.6:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.6.8
cpe:2.3:a:ory:hydra:0.6.8:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.7.2
cpe:2.3:a:ory:hydra:0.7.2:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.7.4
cpe:2.3:a:ory:hydra:0.7.4:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.7.11
cpe:2.3:a:ory:hydra:0.7.11:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.7.13
cpe:2.3:a:ory:hydra:0.7.13:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.8.6
cpe:2.3:a:ory:hydra:0.8.6:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.9.0
cpe:2.3:a:ory:hydra:0.9.0:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.9.5
cpe:2.3:a:ory:hydra:0.9.5:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.9.7
cpe:2.3:a:ory:hydra:0.9.7:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.9.14
cpe:2.3:a:ory:hydra:0.9.14:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.9.16
cpe:2.3:a:ory:hydra:0.9.16:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.10.0 Update Alpha14
cpe:2.3:a:ory:hydra:0.10.0:alpha14:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.10.0 Update Alpha16
cpe:2.3:a:ory:hydra:0.10.0:alpha16:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.10.0 Update Alpha20
cpe:2.3:a:ory:hydra:0.10.0:alpha20:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.10.0 Update Alpha3
cpe:2.3:a:ory:hydra:0.10.0:alpha3:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.10.1
cpe:2.3:a:ory:hydra:0.10.1:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.10.3
cpe:2.3:a:ory:hydra:0.10.3:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.10.0 Update Alpha2
cpe:2.3:a:ory:hydra:0.10.0:alpha2:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.10.0 Update Alpha19
cpe:2.3:a:ory:hydra:0.10.0:alpha19:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.10.0 Update Alpha18
cpe:2.3:a:ory:hydra:0.10.0:alpha18:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.10.0 Update Alpha17
cpe:2.3:a:ory:hydra:0.10.0:alpha17:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.9.13
cpe:2.3:a:ory:hydra:0.9.13:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.9.12
cpe:2.3:a:ory:hydra:0.9.12:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.9.11
cpe:2.3:a:ory:hydra:0.9.11:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.9.10
cpe:2.3:a:ory:hydra:0.9.10:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.9.9
cpe:2.3:a:ory:hydra:0.9.9:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.8.4
cpe:2.3:a:ory:hydra:0.8.4:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.8.3
cpe:2.3:a:ory:hydra:0.8.3:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.8.2
cpe:2.3:a:ory:hydra:0.8.2:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.8.1
cpe:2.3:a:ory:hydra:0.8.1:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.10.8
cpe:2.3:a:ory:hydra:0.10.8:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.10.9
cpe:2.3:a:ory:hydra:0.10.9:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.10.10
cpe:2.3:a:ory:hydra:0.10.10:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.11.0
cpe:2.3:a:ory:hydra:0.11.0:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.11.1
cpe:2.3:a:ory:hydra:0.11.1:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 1.0.0 Update Beta4
cpe:2.3:a:ory:hydra:1.0.0:beta4:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 1.0.0 Update Beta5
cpe:2.3:a:ory:hydra:1.0.0:beta5:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 1.0.0 Update Beta6
cpe:2.3:a:ory:hydra:1.0.0:beta6:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 1.0.0 Update Beta7
cpe:2.3:a:ory:hydra:1.0.0:beta7:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.4.2
cpe:2.3:a:ory:hydra:0.4.2:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.4.2 Update Alpha
cpe:2.3:a:ory:hydra:0.4.2:alpha:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.4.2 Update Alpha1
cpe:2.3:a:ory:hydra:0.4.2:alpha1:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.4.2 Update Alpha2
cpe:2.3:a:ory:hydra:0.4.2:alpha2:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.6.1
cpe:2.3:a:ory:hydra:0.6.1:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.6.2
cpe:2.3:a:ory:hydra:0.6.2:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.6.3
cpe:2.3:a:ory:hydra:0.6.3:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.6.4
cpe:2.3:a:ory:hydra:0.6.4:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.7.6
cpe:2.3:a:ory:hydra:0.7.6:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.7.7
cpe:2.3:a:ory:hydra:0.7.7:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.7.8
cpe:2.3:a:ory:hydra:0.7.8:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.7.9
cpe:2.3:a:ory:hydra:0.7.9:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.9.1
cpe:2.3:a:ory:hydra:0.9.1:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.9.2
cpe:2.3:a:ory:hydra:0.9.2:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.9.3
cpe:2.3:a:ory:hydra:0.9.3:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.9.4
cpe:2.3:a:ory:hydra:0.9.4:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.10.0 Update Alpha1
cpe:2.3:a:ory:hydra:0.10.0:alpha1:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.10.0 Update Alpha10
cpe:2.3:a:ory:hydra:0.10.0:alpha10:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.10.0 Update Alpha11
cpe:2.3:a:ory:hydra:0.10.0:alpha11:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.10.0 Update Alpha12
cpe:2.3:a:ory:hydra:0.10.0:alpha12:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.10.0 Update Alpha5
cpe:2.3:a:ory:hydra:0.10.0:alpha5:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.10.0 Update Alpha6
cpe:2.3:a:ory:hydra:0.10.0:alpha6:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.10.0 Update Alpha7
cpe:2.3:a:ory:hydra:0.10.0:alpha7:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.10.0 Update Alpha8
cpe:2.3:a:ory:hydra:0.10.0:alpha8:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.10.0 Update Alpha9
cpe:2.3:a:ory:hydra:0.10.0:alpha9:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.10.4
cpe:2.3:a:ory:hydra:0.10.4:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.10.6
cpe:2.3:a:ory:hydra:0.10.6:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.11.2
cpe:2.3:a:ory:hydra:0.11.2:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.11.4
cpe:2.3:a:ory:hydra:0.11.4:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 1.0.0 Update Beta1
cpe:2.3:a:ory:hydra:1.0.0:beta1:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 1.0.0 Update Beta3
cpe:2.3:a:ory:hydra:1.0.0:beta3:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 1.0.0 Update Beta8
cpe:2.3:a:ory:hydra:1.0.0:beta8:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 1.0.0 Update RC1
cpe:2.3:a:ory:hydra:1.0.0:rc1:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.3.0
cpe:2.3:a:ory:hydra:0.3.0:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.4.0
cpe:2.3:a:ory:hydra:0.4.0:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.4.2 Update Alpha4
cpe:2.3:a:ory:hydra:0.4.2:alpha4:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.5.0
cpe:2.3:a:ory:hydra:0.5.0:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.5.5
cpe:2.3:a:ory:hydra:0.5.5:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.5.7
cpe:2.3:a:ory:hydra:0.5.7:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.6.0
cpe:2.3:a:ory:hydra:0.6.0:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.6.5
cpe:2.3:a:ory:hydra:0.6.5:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.6.7
cpe:2.3:a:ory:hydra:0.6.7:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.7.3
cpe:2.3:a:ory:hydra:0.7.3:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.7.5
cpe:2.3:a:ory:hydra:0.7.5:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.7.10
cpe:2.3:a:ory:hydra:0.7.10:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.7.12
cpe:2.3:a:ory:hydra:0.7.12:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.8.0
cpe:2.3:a:ory:hydra:0.8.0:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.8.5
cpe:2.3:a:ory:hydra:0.8.5:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.8.7
cpe:2.3:a:ory:hydra:0.8.7:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.9.6
cpe:2.3:a:ory:hydra:0.9.6:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.9.8
cpe:2.3:a:ory:hydra:0.9.8:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.9.15
cpe:2.3:a:ory:hydra:0.9.15:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.10.0
cpe:2.3:a:ory:hydra:0.10.0:*:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.10.0 Update Alpha13
cpe:2.3:a:ory:hydra:0.10.0:alpha13:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.10.0 Update Alpha15
cpe:2.3:a:ory:hydra:0.10.0:alpha15:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.10.0 Update Alpha21
cpe:2.3:a:ory:hydra:0.10.0:alpha21:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.10.0 Update Alpha4
cpe:2.3:a:ory:hydra:0.10.0:alpha4:*:*:*:*:*:*
Matching versions
ORY » Hydra » Version: 0.10.2
cpe:2.3:a:ory:hydra:0.10.2:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2019-8400

EPSS FAQ

0.34%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 54 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2019-8400

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:N	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None
6.1	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	2.8	2.7	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Changed Confidentiality: Low Integrity: Low Availability: None

CWE ids for CVE-2019-8400

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2019-8400

https://github.com/ory/hydra/blob/master/CHANGELOG.md#v100-rc3oryos9-2018-12-06

hydra/CHANGELOG.md at master · ory/hydra · GitHub
Release Notes;Third Party Advisory
https://www.youtube.com/watch?v=RIyZLeKEC8E

Reflected XSS in Zomato | POC Video| - YouTube
Exploit;Third Party Advisory
https://github.com/ory/hydra/commit/9b5bbd48a72096930af08402c5e07fce7dd770f3

oauth2: Use html templates in fallback endpoints (#1202) · ory/hydra@9b5bbd4 · GitHub
Patch;Third Party Advisory
https://drive.google.com/file/d/1-25expUYVfK6vsiCmEabUCuelOP7aUDj/view?usp=drivesdk

Bildschirmfoto_2018-12-06_um_18.53.04 (1).png - Google Drive
Release Notes;Third Party Advisory
https://hackerone.com/reports/456333

#456333 [auth2.zomato.com] Reflected XSS at `oauth2/fallbacks/error` | ORY Hydra an OAuth 2.0 and OpenID Connect Provider
Exploit;Issue Tracking;Third Party Advisory

Jump to

Vulnerability Details : CVE-2019-8400

Products affected by CVE-2019-8400

Exploit prediction scoring system (EPSS) score for CVE-2019-8400

CVSS scores for CVE-2019-8400

CWE ids for CVE-2019-8400

References for CVE-2019-8400