PT-2022-23049 · Shield+1 · Sshield+1
Mgatner · Published 2022-08-12 · Updated 2024-03-06
CVE-2022-35943
CVSS v3.1: 5.9 (Medium)
Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:L
Name of the Vulnerable Software and Affected Versions
CodeIgniter versions prior to 4.2.3
Shield versions prior to 1.0.0-beta.2
Description
This issue may allow attackers to bypass the CodeIgniter4 CSRF protection mechanism with CodeIgniter Shield. For this attack to succeed, the attacker must have direct or indirect control over a subdomain site of the target site. The attack is possible whether Config\Security::$csrfProtection is set to 'cookie' or 'session', and whether Config\Security::$regenerate is true or false.
Recommendations
Upgrade to CodeIgniter v4.2.3 or later and Shield v1.0.0-beta.2 or later.
As a workaround:
- set Config\Security::$csrfProtection to 'session'
- remove old session data right after login
- regenerate CSRF token right after login
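The three workaround steps applied in a CodeIgniter 4 application, as an added example that is not code from the advisory or from the CodeIgniter/Shield projects; the function name and its call site are assumptions, and the CodeIgniter Session and Security methods used are the framework's public API as the author of this example understands it.

```php
<?php
// Added example: applying the advisory's workaround in an application
// that is still on an affected CodeIgniter/Shield version.
//
// Step 1 is configuration only. In app/Config/Security.php set
//     public $csrfProtection = 'session';   // instead of the default 'cookie'
// so the CSRF token lives in the server-side session rather than a cookie
// that a subdomain could influence.
//
// Steps 2 and 3 belong immediately after a successful login. The function
// below (placeholder name) is assumed to be called from the application's
// own login action once the user's credentials have been verified.

use CodeIgniter\Security\Security;
use CodeIgniter\Session\Session;

function hardenSessionAfterLogin(Session $session, Security $security): void
{
    // Step 2: rotate the session ID and destroy the old session record on
    // the server, so the pre-login session (and anything bound to it)
    // cannot be reused for the authenticated session.
    $session->regenerate(true);

    // Step 3: issue a fresh CSRF token, regardless of the value of
    // Config\Security::$regenerate, so any token that existed before
    // authentication is no longer accepted.
    $security->generateHash();
}

// Typical call site inside a login action, after authentication succeeds
// (service names are CodeIgniter's; the surrounding controller is assumed):
//     hardenSessionAfterLogin(session(), service('security'));
```

Once the application is upgraded to CodeIgniter 4.2.3 and Shield 1.0.0-beta.2 or later, this post-login step is no longer needed as a workaround.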
Exploit
Fix
CSRF
Weakness Enumeration
Related Identifiers
Affected Products
Codeigniter
Sshield