List: oss-security
Subject: [oss-security] Browser-mediated attacks on WebDriver servers
From: Gabriel Corona <gabriel.corona () enst-bretagne ! fr>
Date: 2022-02-07 21:04:17
Message-ID: 9e4aa379-70ce-3bf9-1480-c36a1b9fa4e0 () enst-bretagne ! fr

Several browser-mediated attacks on WebDriver servers:

* GeckoDriver CSRF vulnerability (CVE-2020-15660);
* GeckoDriver DNS-rebinding vulnerability (CVE-2021-4138);
* Chromedriver localhost-bound same-site/cross-origin request forgery
  vulnerability;
* Selenium server/Grid CSRF vulnerability;
* Selenium server/Grid DNS-rebinding vulnerability.

In all cases this could be used to trigger arbitrary code execution.

GeckoDriver CSRF vulnerability
==============================

This is CVE-2020-15660. Fixed in GeckoDriver v0.27.0.

GeckoDriver DNS-rebinding vulnerability
=======================================

This is CVE-2021-4138. Fixed in GeckoDriver v0.30.0.

Chromedriver localhost-bound same-site/cross-origin request forgery
===================================================================

An XSS on another localhost-bound service could be exploited to trigger
arbitrary code execution.

Reference: https://bugs.chromium.org/p/chromium/issues/detail?id=1100097

Selenium server/Grid CSRF vulnerability
=======================================

A CVE-ID has been requested from MITRE.

This is fixed in SeleniumServer 4.

Selenium server/Grid DNS-rebinding vulnerability
================================================

A CVE-ID has been requested from MITRE.

This is fixed in SeleniumServer 4.
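
Added example, not part of the original message and not code from any of the projects named above: a sketch of the generic server-side checks that address the three request classes in this advisory (cross-site forgery, DNS rebinding, and forgery from another localhost-bound service) on a loopback-bound HTTP control server. The function names, the allow-list and the sample requests (including ports and host names) are constructed for illustration.

```python
# Added example (not project code). Function names and sample requests are constructed.
from ipaddress import ip_address

ALLOWED_HOSTNAMES = {"localhost"}  # assumption: the only DNS name used to reach the server


def host_is_loopback(host_header):
    """True if the Host header names localhost or a loopback IP literal."""
    if not host_header:
        return False
    host = host_header.strip().lower()
    if host.startswith("["):        # bracketed IPv6 literal, e.g. [::1]:4444
        host = host[1:].split("]", 1)[0]
    elif host.count(":") == 1:      # name:port or IPv4:port
        host = host.rsplit(":", 1)[0]
    if host in ALLOWED_HOSTNAMES:
        return True
    try:
        return ip_address(host).is_loopback
    except ValueError:              # any other DNS name, e.g. a rebinding domain
        return False


def check_request(headers, allowed_origins=frozenset()):
    """Return (accepted, reason) for a dict of HTTP request headers."""
    h = {k.lower(): v for k, v in headers.items()}
    # DNS rebinding: the browser connects to 127.0.0.1 but still sends the
    # attacker-controlled name in Host, so an unexpected Host is refused.
    if not host_is_loopback(h.get("host")):
        return False, "host"
    # CSRF and same-site forgery: browsers attach Origin to cross-origin POSTs,
    # including those from another service on localhost. Assumption: native
    # WebDriver clients send no Origin, so any unlisted Origin is refused.
    origin = h.get("origin")
    if origin is not None and origin not in allowed_origins:
        return False, "origin"
    return True, "ok"


SAMPLES = {  # constructed requests, one per scenario in the advisory
    "client": {"Host": "127.0.0.1:4444", "Content-Type": "application/json"},
    "csrf": {"Host": "localhost:4444", "Origin": "https://attacker.example"},
    "rebinding": {"Host": "rebind.attacker.example:4444",
                  "Origin": "http://rebind.attacker.example:4444"},
    "same_site": {"Host": "localhost:9515", "Origin": "http://localhost:8080"},
}

if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        print(name, check_request(hdrs))
```

The same-site case passes the Host check and is stopped only by the Origin check, which is why binding to localhost and validating Host are not sufficient on their own.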