Analysis in progress · CVE-2024-3090

CVE-2024-3090: XSS in PHPGurukul Emergency Ambulance Hiring Portal

Platform

php

Component

open-source-vulnerabilities

Fixed in

1.0.1

CVE-2024-3090 is a cross-site scripting (XSS) vulnerability in PHPGurukul Emergency Ambulance Hiring Portal 1.0. The file /admin/add-ambulance.php accepts the 'Ambulance Reg No' and 'Driver Name' fields without adequate filtering or output escaping, so HTML or JavaScript placed in these fields is rendered, and executed, in the browser of users who view the page where the values are displayed. The vulnerability is rated LOW (CVSS 3.1 base score 2.4): exploitation requires a privileged (admin) account and user interaction, and its impact is limited to a low integrity effect. Version 1.0 is affected; the issue is fixed in 1.0.1.

Impact and Attack Scenarios

The impact of CVE-2024-3090 is client-side script execution in the context of the portal's admin interface. An attacker who can submit the add-ambulance form (an administrator, or someone who induces an administrator to submit attacker-controlled values) can inject HTML or JavaScript that runs in the browser of whoever views the page where the injected values are rendered. From there the script acts with that user's authority in the application: it can alter displayed content, issue requests on the victim's behalf and, if the session cookie is not marked HttpOnly, read it. The CVSS vector reflects the narrow preconditions: Privileges Required is High, User Interaction is Required, Confidentiality and Availability impact are None and Integrity impact is Low. The blast radius is therefore the admin panel and the data it manages, not the underlying server.

Exploitation Context

CVE-2024-3090 is rated LOW (CVSS 3.1 base score 2.4). No public proof-of-concept code is recorded here, the vulnerability is not in the CISA KEV catalog, and its EPSS score is 0.09% (26th percentile), so the predicted probability of exploitation in the wild is low. Exploitation requires an authenticated administrator (PR:H) and a victim who views the injected content (UI:R), which further limits opportunistic attacks; internet-exposed admin panels should nonetheless be patched.

Threat Intelligence

Exploit Status

Proof of Concept: Unknown
CISA KEV: No
Internet exposure: High

EPSS

0.09% (26th percentile)

CVSS vector

CVSS 3.1: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
Base score: 2.4 (LOW)

What do these metrics mean?
Attack Vector
Network: exploitable remotely over the internet; no physical or local access required.
Attack Complexity
Low: no special conditions required; reliably exploitable.
Privileges Required
High: an administrator or otherwise privileged account is required.
User Interaction
Required: a victim must take an action, such as opening a file, clicking a link or visiting a page.
Scope
Unchanged: impact is confined to the vulnerable component.
Confidentiality
None: no confidentiality impact.
Integrity
Low: the attacker can modify some data, with limited scope.
Availability
None: no availability impact.

Affected Software

Component: open-source-vulnerabilities
Vendor: PHPGurukul
Product: Emergency Ambulance Hiring Portal
Minimum version: 1.0
Maximum version: 1.0
Fixed in: 1.0.1

Weakness Classification (CWE)

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Timeline

  1. Reserved
  2. Published
  3. Modified
  4. EPSS updated

Mitigation and Workarounds

The primary mitigation for CVE-2024-3090 is to upgrade Emergency Ambulance Hiring Portal to version 1.0.1 or later. If an immediate upgrade is not possible, treat the 'Ambulance Reg No' and 'Driver Name' inputs in /admin/add-ambulance.php as untrusted: validate them against an allow-list where the field format permits, and escape them with htmlspecialchars() at every point where they are rendered into HTML. For defense in depth, mark the session cookie HttpOnly and SameSite so that a successful injection cannot simply read it, and deploy a Content-Security-Policy that disallows inline scripts. Because exploitation requires an administrator account, also restrict who can reach the admin panel and review its accounts. After upgrading, confirm the fix by submitting a harmless marker such as <b>test</b> in both fields and verifying that it is displayed as literal text rather than rendered as markup.

How to fix

Update Emergency Ambulance Hiring Portal to a patched version that fixes the XSS vulnerability. If no such version is available, filter and escape user input in the file /admin/add-ambulance.php, especially the 'Ambulance Reg No' and 'Driver Name' fields, to prevent the injection of malicious code.
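The fix described in the two sections above (validate the two fields on input, escape them on output), as an added example that is not PHPGurukul's code: a vulnerable rendering of a form submission next to a hardened one. The parameter names regno and drivername and the registration-number format are assumptions, and the sample submissions are constructed.

```php
<?php
// Added example, not PHPGurukul code: shows the vulnerable pattern behind an
// admin form like /admin/add-ambulance.php and the fix (validate input,
// escape output). Parameter names ('regno', 'drivername') and the
// registration-number format are assumptions.
declare(strict_types=1);

// Escape a value for an HTML text node or a double/single-quoted attribute.
// ENT_SUBSTITUTE keeps invalid UTF-8 from turning the whole value into ''.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Allow-list validation for the registration number (assumed format:
// 3..20 uppercase letters, digits, spaces or hyphens). Returns null on failure.
function validateRegNo(string $regNo): ?string
{
    $regNo = trim($regNo);
    return preg_match('/^[A-Z0-9][A-Z0-9 -]{2,19}$/', $regNo) === 1 ? $regNo : null;
}

// Names cannot sensibly be allow-listed, so only bound the length and reject
// control characters; output escaping is what neutralizes markup in them.
function validateDriverName(string $name): ?string
{
    $name = trim($name);
    if (preg_match('/^.{1,60}$/su', $name) !== 1 || preg_match('/[\x00-\x1F\x7F]/', $name) === 1) {
        return null;
    }
    return $name;
}

// Vulnerable: request data concatenated straight into HTML.
function renderRowVulnerable(array $post): string
{
    return '<tr><td>' . ($post['regno'] ?? '') . '</td><td>' . ($post['drivername'] ?? '') . "</td></tr>\n";
}

// Hardened: validate on the way in, escape on the way out.
function renderRowSafe(array $post): string
{
    $regNo = validateRegNo((string) ($post['regno'] ?? ''));
    $driver = validateDriverName((string) ($post['drivername'] ?? ''));
    if ($regNo === null || $driver === null) {
        return "<tr><td colspan=\"2\">Rejected: invalid registration number or driver name</td></tr>\n";
    }
    return '<tr><td>' . e($regNo) . '</td><td>' . e($driver) . "</td></tr>\n";
}

// Constructed sample submissions (stand-ins for $_POST).
$submissions = [
    ['regno' => 'DL 01 AB 1234', 'drivername' => "Ravi O'Connor"],
    ['regno' => 'KA-05-X-9', 'drivername' => '<script>alert(document.cookie)</script>'],
    ['regno' => '"><img src=x onerror=alert(1)>', 'drivername' => 'Mallory'],
];

echo "Vulnerable rendering:\n";
foreach ($submissions as $s) {
    echo renderRowVulnerable($s);
}
echo "\nHardened rendering:\n";
foreach ($submissions as $s) {
    echo renderRowSafe($s);
}
```

Run it with `php add-ambulance-fix.php`: the vulnerable rows echo the script tag and the attribute-breaking payload unchanged, while the hardened rows reject the malformed registration number and render the script tag as inert `&lt;script&gt;` text. htmlspecialchars() is correct for HTML text and quoted attributes only; values placed into JavaScript, URLs or unquoted attributes need context-specific encoding. Escaping belongs at the point of output, so it also protects records that were stored before the fix was applied.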

Frequently Asked Questions

What is CVE-2024-3090: XSS in PHPGurukul Emergency Ambulance Hiring Portal?

CVE-2024-3090 is a cross-site scripting (XSS) vulnerability in PHPGurukul Emergency Ambulance Hiring Portal 1.0. The 'Ambulance Reg No' and 'Driver Name' fields handled by /admin/add-ambulance.php are not properly sanitized, so injected HTML or JavaScript is rendered in the browser of users viewing the affected page. It is rated LOW (CVSS 3.1 base score 2.4).

Am I affected by CVE-2024-3090?

You are affected if you run Emergency Ambulance Hiring Portal version 1.0, the only version listed as affected, and have not upgraded to 1.0.1. Exposure is greatest where the admin panel is reachable from the internet.

How do I fix CVE-2024-3090?

Upgrade to version 1.0.1 or later. If you cannot upgrade yet, validate the 'Ambulance Reg No' and 'Driver Name' inputs in /admin/add-ambulance.php and escape them with htmlspecialchars() wherever they are rendered.

Is CVE-2024-3090 being actively exploited?

No public proof of concept is recorded on this page, the CVE is not in the CISA KEV catalog, and its EPSS score is 0.09% (26th percentile), so exploitation in the wild is considered unlikely. Exploitation also requires administrator privileges and a victim who views the injected content.

Where can I find more information on CVE-2024-3090?

This page does not link a vendor advisory. The CVE record and its references are available at https://www.cve.org/CVERecord?id=CVE-2024-3090 and https://nvd.nist.gov/vuln/detail/CVE-2024-3090.
