PT-2020-14303 · Shrine · Shrine

Janko · Published 2020-10-05 · Updated 2020-10-19 · CVE-2020-15237

CVSS v3.1: 5.9 Medium
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Shrine versions prior to 3.3.0

Description: The issue allows an attacker to use a timing attack to guess the signature of the derivation URL when using the derivation endpoint plugin. This is possible because the sent and calculated signatures are not compared in constant time. The problem has been fixed by using Rack::Utils.secure_compare to compare signatures in constant time.

Recommendations: For Shrine versions prior to 3.3.0, upgrade to Shrine 3.3.0 or greater. As a temporary workaround, users of older Shrine versions can apply a monkey-patch after loading the derivation endpoint plugin to secure the comparison of signatures.
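Added illustration, not Shrine's own code: the two comparison styles the advisory contrasts, applied to an HMAC signature over a derivation path. The secret, the path and the pure-Ruby secure_compare (written to behave like Rack::Utils.secure_compare so the example runs without the rack gem) are assumptions of this example.

```ruby
require "openssl"

# Constructed values for the example; a real deployment derives the
# signature from its own secret key and the derivation URL path.
SECRET = "constructed-secret-key"

def compute_signature(path, secret = SECRET)
  OpenSSL::HMAC.hexdigest("SHA256", secret, path)
end

# Vulnerable pattern (what the advisory describes for versions < 3.3.0):
# String#== stops at the first differing byte, so response time leaks
# how many leading characters of a guessed signature are correct.
def verify_signature_insecure(path, signature)
  compute_signature(path) == signature
end

# Constant-time comparison. Shrine 3.3.0 calls Rack::Utils.secure_compare;
# this stand-in (assumed equivalent, not Shrine's or Rack's source) checks
# the length first and then XORs every byte, so the loop always covers the
# whole string regardless of where the strings differ.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize

  left = a.unpack("C*")
  diff = 0
  b.each_byte { |byte| diff |= byte ^ left.shift }
  diff.zero?
end

# Fixed pattern: same check, but timing no longer depends on the guess.
def verify_signature(path, signature)
  secure_compare(compute_signature(path), signature)
end
```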

Exploit · Fix · Side Channel Attack


Weakness Enumeration

Related Identifiers: CVE-2020-15237, GHSA-5JJV-X4FQ-QJWP

Affected Products: Shrine