CWE-346
Origin Validation Error
Description
The product does not properly verify that the source of data or communication is valid.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-111 · CAPEC-141 · CAPEC-142 · CAPEC-160 · CAPEC-21 · CAPEC-384 · CAPEC-385 · CAPEC-386 · CAPEC-387 · CAPEC-388 · CAPEC-510 · CAPEC-59 · CAPEC-60 · CAPEC-75 · CAPEC-76 · CAPEC-89
CVEs mapped to this weakness (296)
page 14 of 15| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-23898 | 0.00 | — | 0.67 | Jan 24, 2024 | Jenkins 2.217 through 2.441 (both inclusive), LTS 2.222.1 through 2.426.2 (both inclusive) does not perform origin validation of requests made through the CLI WebSocket endpoint, resulting in a cross-site WebSocket hijacking (CSWSH) vulnerability, allowing attackers to execute… | |||
| CVE-2023-49803 | — | 0.00 | — | 0.00 | Dec 11, 2023 | @koa/cors npm provides Cross-Origin Resource Sharing (CORS) for koa, a web framework for Node.js. Prior to version 5.0.0, the middleware operates in a way that if an allowed origin is not provided, it will return an `Access-Control-Allow-Origin` header with the value of the… | ||
| CVE-2023-2850 | 0.00 | — | 0.00 | Jul 25, 2023 | NodeBB is affected by a Cross-Site WebSocket Hijacking vulnerability due to missing validation of the request origin. Exploitation of this vulnerability allows certain user information to be extracted by attacker. | |||
| CVE-2023-32993 | 0.00 | — | 0.00 | May 16, 2023 | Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier does not perform hostname validation when connecting to miniOrange or the configured IdP to retrieve SAML metadata, which could be abused using a man-in-the-middle attack to intercept these connections. | |||
| CVE-2023-26114 | — | 0.00 | — | 0.00 | Mar 23, 2023 | Versions of the package code-server before 4.10.1 are vulnerable to Missing Origin Validation in WebSockets handshakes. Exploiting this vulnerability can allow an adversary in specific scenarios to access data from and connect to the code-server instance. | ||
| CVE-2023-22899 | 0.00 | — | 0.01 | Jan 10, 2023 | Zip4j through 2.11.2, as used in Threema and other products, does not always check the MAC when decrypting a ZIP archive. | |||
| CVE-2017-20146 | 0.00 | — | 0.01 | Dec 27, 2022 | Usage of the CORS handler may apply improper CORS headers, allowing the requester to explicitly control the value of the Access-Control-Allow-Origin header, which bypasses the expected behavior of the Same Origin Policy. | |||
| CVE-2022-41924 | 0.00 | — | 0.02 | Nov 23, 2022 | A vulnerability identified in the Tailscale Windows client allows a malicious website to reconfigure the Tailscale daemon `tailscaled`, which can then be used to remotely execute code. In the Tailscale Windows client, the local API was bound to a local TCP socket, and… | |||
| CVE-2022-42975 | — | 0.00 | — | 0.01 | Oct 17, 2022 | socket/transport.ex in Phoenix before 1.6.14 mishandles check_origin wildcarding. NOTE: LiveView applications are unaffected by default because of the presence of a LiveView CSRF token. | ||
| CVE-2022-3457 | — | 0.00 | — | 0.00 | Oct 13, 2022 | Origin Validation Error in GitHub repository ikus060/rdiffweb prior to 2.5.0a5. | ||
| CVE-2022-31151 | 0.00 | — | 0.01 | Jul 20, 2022 | Authorization headers are cleared on cross-origin redirect. However, cookie headers which are sensitive headers and are official headers found in the spec, remain uncleared. There are active users using cookie headers in undici. This may lead to accidental leakage of cookie to a… | |||
| CVE-2022-24762 | — | 0.00 | — | 0.01 | Mar 14, 2022 | sysend.js is a library that allows a user to send messages between pages that are open in the same browser. Users that use cross-origin communication may have their communications intercepted. Impact is limited by the communication occurring in the same browser. This issue has… | ||
| CVE-2022-25146 | 0.00 | — | 0.01 | Mar 2, 2022 | The Remote App module in Liferay Portal Liferay Portal v7.4.3.4 through v7.4.3.8 and Liferay DXP 7.4 before update 5 does not check if the origin of event messages it receives matches the origin of the Remote App, allowing attackers to exfiltrate the CSRF token via a crafted… | |||
| CVE-2022-21712 | 0.00 | — | 0.01 | Feb 7, 2022 | twisted is an event-driven networking engine written in Python. In affected versions twisted exposes cookies and authorization headers when following cross-origin redirects. This issue is present in the `twited.web.RedirectAgent` and `twisted.web. BrowserLikeRedirectAgent`… | |||
| CVE-2021-4024 | — | 0.00 | — | 0.01 | Dec 23, 2021 | A flaw was found in podman. The `podman machine` function (used to create and manage Podman virtual machine containing a Podman process) spawns a `gvproxy` process on the host system. The `gvproxy` API is accessible on port 7777 on all IP addresses on the host. If that port is… | ||
| CVE-2021-41088 | 0.00 | — | 0.01 | Sep 23, 2021 | Elvish is a programming language and interactive shell, combined into one package. In versions prior to 0.14.0 Elvish's web UI backend (started by `elvish -web`) hosts an endpoint that allows executing the code sent from the web UI. The backend does not check the origin of… | |||
| CVE-2021-39185 | — | 0.00 | — | 0.01 | Sep 1, 2021 | Http4s is a minimal, idiomatic Scala interface for HTTP services. In http4s versions 0.21.26 and prior, 0.22.0 through 0.22.2, 0.23.0, 0.23.1, and 1.0.0-M1 through 1.0.0-M24, the default CORS configuration is vulnerable to an origin reflection attack. The middleware is also… | ||
| CVE-2021-34435 | 0.00 | — | 0.01 | Sep 1, 2021 | In Eclipse Theia 0.3.9 to 1.8.1, the "mini-browser" extension allows a user to preview HTML files in an iframe inside the IDE. But with the way it is made it is possible for a previewed HTML file to trigger an RCE. This exploit only happens if a user previews a malicious file.. | |||
| CVE-2021-37705 | 0.00 | — | 0.02 | Aug 13, 2021 | OneFuzz is an open source self-hosted Fuzzing-As-A-Service platform. Starting with OneFuzz 2.12.0 or greater, an incomplete authorization check allows an authenticated user from any Azure Active Directory tenant to make authorized API calls to a vulnerable OneFuzz instance. To… | |||
| CVE-2021-26291 | — | 0.00 | — | 0.09 | Apr 23, 2021 | Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to… |
- CVE-2024-23898Jan 24, 2024risk 0.00cvss —epss 0.67
Jenkins 2.217 through 2.441 (both inclusive), LTS 2.222.1 through 2.426.2 (both inclusive) does not perform origin validation of requests made through the CLI WebSocket endpoint, resulting in a cross-site WebSocket hijacking (CSWSH) vulnerability, allowing attackers to execute…
- CVE-2023-49803Dec 11, 2023risk 0.00cvss —epss 0.00
@koa/cors npm provides Cross-Origin Resource Sharing (CORS) for koa, a web framework for Node.js. Prior to version 5.0.0, the middleware operates in a way that if an allowed origin is not provided, it will return an `Access-Control-Allow-Origin` header with the value of the…
- CVE-2023-2850Jul 25, 2023risk 0.00cvss —epss 0.00
NodeBB is affected by a Cross-Site WebSocket Hijacking vulnerability due to missing validation of the request origin. Exploitation of this vulnerability allows certain user information to be extracted by attacker.
- CVE-2023-32993May 16, 2023risk 0.00cvss —epss 0.00
Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier does not perform hostname validation when connecting to miniOrange or the configured IdP to retrieve SAML metadata, which could be abused using a man-in-the-middle attack to intercept these connections.
- CVE-2023-26114Mar 23, 2023risk 0.00cvss —epss 0.00
Versions of the package code-server before 4.10.1 are vulnerable to Missing Origin Validation in WebSockets handshakes. Exploiting this vulnerability can allow an adversary in specific scenarios to access data from and connect to the code-server instance.
- CVE-2023-22899Jan 10, 2023risk 0.00cvss —epss 0.01
Zip4j through 2.11.2, as used in Threema and other products, does not always check the MAC when decrypting a ZIP archive.
- CVE-2017-20146Dec 27, 2022risk 0.00cvss —epss 0.01
Usage of the CORS handler may apply improper CORS headers, allowing the requester to explicitly control the value of the Access-Control-Allow-Origin header, which bypasses the expected behavior of the Same Origin Policy.
- CVE-2022-41924Nov 23, 2022risk 0.00cvss —epss 0.02
A vulnerability identified in the Tailscale Windows client allows a malicious website to reconfigure the Tailscale daemon `tailscaled`, which can then be used to remotely execute code. In the Tailscale Windows client, the local API was bound to a local TCP socket, and…
- CVE-2022-42975Oct 17, 2022risk 0.00cvss —epss 0.01
socket/transport.ex in Phoenix before 1.6.14 mishandles check_origin wildcarding. NOTE: LiveView applications are unaffected by default because of the presence of a LiveView CSRF token.
- CVE-2022-3457Oct 13, 2022risk 0.00cvss —epss 0.00
Origin Validation Error in GitHub repository ikus060/rdiffweb prior to 2.5.0a5.
- CVE-2022-31151Jul 20, 2022risk 0.00cvss —epss 0.01
Authorization headers are cleared on cross-origin redirect. However, cookie headers which are sensitive headers and are official headers found in the spec, remain uncleared. There are active users using cookie headers in undici. This may lead to accidental leakage of cookie to a…
- CVE-2022-24762Mar 14, 2022risk 0.00cvss —epss 0.01
sysend.js is a library that allows a user to send messages between pages that are open in the same browser. Users that use cross-origin communication may have their communications intercepted. Impact is limited by the communication occurring in the same browser. This issue has…
- CVE-2022-25146Mar 2, 2022risk 0.00cvss —epss 0.01
The Remote App module in Liferay Portal Liferay Portal v7.4.3.4 through v7.4.3.8 and Liferay DXP 7.4 before update 5 does not check if the origin of event messages it receives matches the origin of the Remote App, allowing attackers to exfiltrate the CSRF token via a crafted…
- CVE-2022-21712Feb 7, 2022risk 0.00cvss —epss 0.01
twisted is an event-driven networking engine written in Python. In affected versions twisted exposes cookies and authorization headers when following cross-origin redirects. This issue is present in the `twited.web.RedirectAgent` and `twisted.web. BrowserLikeRedirectAgent`…
- CVE-2021-4024Dec 23, 2021risk 0.00cvss —epss 0.01
A flaw was found in podman. The `podman machine` function (used to create and manage Podman virtual machine containing a Podman process) spawns a `gvproxy` process on the host system. The `gvproxy` API is accessible on port 7777 on all IP addresses on the host. If that port is…
- CVE-2021-41088Sep 23, 2021risk 0.00cvss —epss 0.01
Elvish is a programming language and interactive shell, combined into one package. In versions prior to 0.14.0 Elvish's web UI backend (started by `elvish -web`) hosts an endpoint that allows executing the code sent from the web UI. The backend does not check the origin of…
- CVE-2021-39185Sep 1, 2021risk 0.00cvss —epss 0.01
Http4s is a minimal, idiomatic Scala interface for HTTP services. In http4s versions 0.21.26 and prior, 0.22.0 through 0.22.2, 0.23.0, 0.23.1, and 1.0.0-M1 through 1.0.0-M24, the default CORS configuration is vulnerable to an origin reflection attack. The middleware is also…
- CVE-2021-34435Sep 1, 2021risk 0.00cvss —epss 0.01
In Eclipse Theia 0.3.9 to 1.8.1, the "mini-browser" extension allows a user to preview HTML files in an iframe inside the IDE. But with the way it is made it is possible for a previewed HTML file to trigger an RCE. This exploit only happens if a user previews a malicious file..
- CVE-2021-37705Aug 13, 2021risk 0.00cvss —epss 0.02
OneFuzz is an open source self-hosted Fuzzing-As-A-Service platform. Starting with OneFuzz 2.12.0 or greater, an incomplete authorization check allows an authenticated user from any Azure Active Directory tenant to make authorized API calls to a vulnerable OneFuzz instance. To…
- CVE-2021-26291Apr 23, 2021risk 0.00cvss —epss 0.09
Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to…