Adobe ColdFusion Access Control Bypass - CVE-2023-38205 - U.S. Dept Of Defense Bug Bounty Report

Vulnerability Details

Technical details and impact analysis

Improper Access Control - Generic

**Description:** Hi team, The subdomain https://████ is with adobe ColdFusion vulnerable with CVE-2023-38205. This vulnerability is a bypass path created for CVE-2023-29298. ## References https://www.rapid7.com/blog/post/2023/07/19/cve-2023-38205-adobe-coldfusion-access-control-bypass-fixed/ ## Impact If an attacker accesses a URL path of /hax/..CFIDE/wizards/common/utils.cfc the access control can be bypassed and the expected endpoint can still be reached, even though it is not a valid URL path . ## System Host(s) █████████ ## Affected Product(s) and Version(s) ## CVE Numbers CVE-2023-38205 ## Steps to Reproduce 1. Go to: https://█████████/hax/..CFIDE/wizards/common/utils.cfc?method=wizardHash&inPassword=foo&_cfclient=true&returnFormat=wddx 2. See the remote method call wizardHash on the/CFIDE/wizards/common/utils.cfc endpoint. ## Suggested Mitigation/Remediation Actions

Related CVEs

Associated Common Vulnerabilities and Exposures

CVE-2023-29298 HIGH

Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require …

CVE-2023-38205 HIGH

Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require …

Report Details

Additional information and metadata

State

Closed

Substate

Resolved

Submitted

Weakness

Improper Access Control - Generic