NVD Vulnerability Detail

CVE-2020-15135

Summary	save-server (npm package) before version 1.05 is affected by a CSRF vulnerability, as there is no CSRF mitigation (Tokens etc.). The fix introduced in version version 1.05 unintentionally breaks uploading so version v1.0.7 is the fixed version. This is patched by implementing Double submit. The CSRF attack would require you to navigate to a malicious site while you have an active session with Save-Server (Session key stored in cookies). The malicious user would then be able to perform some actions, including uploading/deleting files and adding redirects. If you are logged in as root, this attack is significantly more severe. They can in addition create, delete and update users. If they updated the password of a user, that user's files would then be available. If the root password is updated, all files would be visible if they logged in with the new password. Note that due to the same origin policy malicious actors cannot view the gallery or the response of any of the methods, nor be sure they succeeded. This issue has been patched in version 1.0.7.
Publication Date	Aug. 5, 2020, 6:15 a.m.
Registration Date	Jan. 26, 2021, 11:53 a.m.
Last Update	Nov. 21, 2024, 2:04 p.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:save-server_project:save-server::::::node.js::*					1.0.5

Related information, measures and tools

No	URL	タグ
1	https://github.com/Neztore/save-server/security/advisories/GHSA-wwrj-35w6-77ff	Third Party Advisory
2	https://github.com/Neztore/save-server/security/advisories/GHSA-wwrj-35w6-77ff	Third Party Advisory
3	https://medium.com/cross-site-request-forgery-csrf/double-submit-cookie-pattern-65bb71d80d9f	Exploit Third Party Advisory
4	https://medium.com/cross-site-request-forgery-csrf/double-submit-cookie-pattern-65bb71d80d9f	Exploit Third Party Advisory
5	https://www.npmjs.com/package/save-server	Product Third Party Advisory
6	https://www.npmjs.com/package/save-server	Product Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-352	クロスサイト・リクエスト・フォージェリ（CSRF）	https://cwe.mitre.org/data/definitions/352.html
2	CWE-352	同一生成元ポリシー違反	https://cwe.mitre.org/data/definitions/346.html

JVN Vulnerability Information

save-server におけるクロスサイトリクエストフォージェリの脆弱性

Title	save-server におけるクロスサイトリクエストフォージェリの脆弱性
Summary	save-server (npm package) には、クロスサイトリクエストフォージェリの脆弱性が存在します。
Possible impacts	情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	Aug. 3, 2020, midnight
Registration Date	Oct. 16, 2020, 3:32 p.m.
Last Update	Oct. 16, 2020, 3:32 p.m.

Affected System

save-server project

save-server 1.05 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2020-15135	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15135
National Vulnerability Database (NVD)
2	CVE-2020-15135	https://nvd.nist.gov/vuln/detail/CVE-2020-15135

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-352	https://jvndb.jvn.jp/ja/cwe/CWE-352.html

ベンダー情報

No	Name	URL
GitHub
1	CSRF vulnerability	https://github.com/Neztore/save-server/security/advisories/GHSA-wwrj-35w6-77ff
2	save-server	https://www.npmjs.com/package/save-server

Change Log

No	Changed Details	Date of change
1	[2020年10月16日] 掲載	Oct. 16, 2020, 3:32 p.m.