CVE-2023-30861

Published: 02/05/2023 Updated: 20/08/2023
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches `Set-Cookie` headers, it may send one client's `session` cookie to other clients. The severity depends on the application's use of the session and the proxy's behavior regarding cookies. The risk depends on all these conditions being met.

1. The application must be hosted behind a caching proxy that does not strip cookies or ignore responses with cookies.
2. The application sets `session.permanent = True`.
3. The application does not access or modify the session at any point during a request.
4. `SESSION_REFRESH_EACH_REQUEST` enabled (the default).
5. The application does not set a `Cache-Control` header to indicate that a page is private or should not be cached.

This happens because vulnerable versions of Flask only set the `Vary: Cookie` header when the session is accessed or modified, not when it is refreshed (re-sent to update the expiration) without being accessed or modified. This issue has been fixed in versions 2.3.2 and 2.2.5.
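For deployments that cannot move to 2.3.2 or 2.2.5 right away, the missing headers can be supplied at the WSGI layer. The following is an added example, not code from Flask or from the advisory: the names `CookieCacheGuard`, `harden_headers`, `vulnerable_app` and `call` are hypothetical, and the sample response is constructed.

```python
# Added example: stop-gap WSGI middleware (hypothetical names, standard library only).
# Any response that carries Set-Cookie gets Vary: Cookie and is marked private,
# which removes conditions 1 and 5 from the advisory's list for that response.

def _tokens(value):
    return [t.strip() for t in value.split(",") if t.strip()]

def harden_headers(headers):
    """Return a copy of a WSGI header list that shared caches must not reuse."""
    if not any(k.lower() == "set-cookie" for k, _ in headers):
        return list(headers)              # no cookie in the response: leave untouched
    out, seen = [], set()
    for k, v in headers:
        lk = k.lower()
        if lk == "vary":
            seen.add(lk)
            low = [t.lower() for t in _tokens(v)]
            if "cookie" not in low and "*" not in low:
                v = ", ".join(_tokens(v) + ["Cookie"])
        elif lk == "cache-control":
            seen.add(lk)
            kept = [d for d in _tokens(v) if d.lower() != "public"]
            names = {d.split("=")[0].strip().lower() for d in kept}
            if not names & {"private", "no-store"}:
                kept.append("private")
            v = ", ".join(kept)
        out.append((k, v))
    if "vary" not in seen:
        out.append(("Vary", "Cookie"))
    if "cache-control" not in seen:
        out.append(("Cache-Control", "private"))
    return out

class CookieCacheGuard:
    """WSGI wrapper that applies harden_headers to every response."""
    def __init__(self, app):
        self.app = app
    def __call__(self, environ, start_response):
        def guarded(status, headers, exc_info=None):
            return start_response(status, harden_headers(headers), exc_info)
        return self.app(environ, guarded)

def vulnerable_app(environ, start_response):
    # Constructed stand-in for an affected response: the permanent session cookie
    # is refreshed, but there is no Vary: Cookie and no Cache-Control header.
    start_response("200 OK", [("Content-Type", "text/html"),
                              ("Set-Cookie", "session=CONSTRUCTED; HttpOnly; Path=/")])
    return [b"hello"]

def call(app):
    """Invoke a WSGI app once and return (headers, body)."""
    got = {}
    body = b"".join(app({"REQUEST_METHOD": "GET", "PATH_INFO": "/"},
                        lambda s, h, e=None: got.update(headers=h)))
    return got["headers"], body
```

In a Flask application the wrapper is attached with `app.wsgi_app = CookieCacheGuard(app.wsgi_app)`; upgrading Flask remains the actual fix.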

Vulnerable Product

palletsprojects flask

Vendor Advisories

Debian Bug report logs - #1035932 CVE-2023-2088 / OSSA-2023-003: Unauthorized volume access through deleted volume attachments. Package: src:python-os-brick; Maintainer for src:python-os-brick is Debian OpenStack <team+openstack@tracker.debian.org>; Reported by: Thomas Goirand <zigo@debian.org> Date: Thu, 11 May 2023 1 ...
Debian Bug report logs - #1035670 flask: CVE-2023-30861: Possible disclosure of permanent session cookie due to missing Vary: Cookie header. Package: src:flask; Maintainer for src:flask is Debian Python Team <team+python@tracker.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sun, 7 May 2023 1 ...
It was discovered that in some conditions the Flask web framework may disclose a session cookie. For the oldstable distribution (bullseye), this problem has been fixed in version 1.1.2-2+deb11u1. We recommend that you upgrade your flask packages. For the detailed security status of flask please refer to its security tracker page at: securit ...
Synopsis: Important: python-flask security update. Type/Severity: Security Advisory: Important. Topic: An update for python-flask is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this up ...
Synopsis: Important: Red Hat OpenStack Platform 16.1 (python-flask) security update. Type/Severity: Security Advisory: Important. Topic: An update for python-flask is now available for Red Hat OpenStack Platform 16.1 (Train). Red ...
Synopsis: Important: OpenShift Container Platform 4.12.21 packages and security update. Type/Severity: Security Advisory: Important. Topic: Red Hat OpenShift Container Platform release 4.12.21 is now available with updates to p ...
Synopsis: Important: OpenShift Container Platform 4.13.3 packages and security update. Type/Severity: Security Advisory: Important. Topic: Red Hat OpenShift Container Platform release 4.13.3 is now available with updates to pac ...
Synopsis: Important: Red Hat Quay security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat Quay 3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available f ...
Description: The MITRE CVE dictionary describes this issue as: Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches `Set-Cookie` headers, it may send one client' ...

Github Repositories

Pulsecheck - Get current and historical vulnerability insights from the GitHub Advisory Database https://github.com/advisories/database, by checking the pulse of your project’s dependencies delivered in an easy-to-use CLI.

Pulsecheck: I wrote Pulsecheck to serve as a tool for early-stage research on OSS third-party libraries and package vulnerabilities. Pulsecheck parses your dependency files and queries the GitHub Advisory Database for all relevant GitHub-reviewed security advisories. It will provide data on every reviewed GHSA advisory for your respective dependency. This project showcases how t

Trivy scanning: Demo for security scanning in CI CD workflow using Trivy. In the requirements.txt we are using the old version of flask, i.e. Flask==2.0.1, which is causing CVE-2023-30861: Flask (METADATA) vulnerability. To fix this we will update the requirements.txt file by adding Flask==2.3.2. To fix CVE-2022-40897 : setuptools (METAD

Explaining how to exploit CVE-2023-30861

Intro: This bug happens because Flask doesn't tell the caching server (proxy) to be careful with sensitive information like cookies. To use this attack you have to check your checklist: User must use a proxy and accesses the flask webapp. Proxy must be caching proxy (caching server). Flask version of the targeted flask website that user uses must be before 2.2.5. Attacker mus

dependabot_vulnerabilities_check: docs.github.com/ru/code-security/dependabot Example: Known security vulnerabilities detected. Dependency: flask. Version: < 2.2.5. Upgrade to: ~> 2.2.5. Defined in: Pipfile. Vulnerabilities: CVE-2023-30861, High severity