List:       oss-security
Subject:    [oss-security] Browser-mediated attacks on WebDriver servers
From:       Gabriel Corona <gabriel.corona () enst-bretagne ! fr>
Date:       2022-02-07 21:04:17
Message-ID: 9e4aa379-70ce-3bf9-1480-c36a1b9fa4e0 () enst-bretagne ! fr

Several browser-mediated attacks on WebDriver servers:

* GeckoDriver CSRF vulnerability (CVE-2020-15660);
* GeckoDriver DNS-rebinding vulnerability (CVE-2021-4138);
* Chromedriver localhost-bound same-site/cross-origin request forgery 
vulnerability;
* Selenium server/Grid CSRF vulnerability;
* Selenium server/Grid DNS-rebinding vulnerability.

In all cases this could be used to trigger arbitrary code execution.

GeckoDriver CSRF vulnerability
==============================

This is CVE-2020-15660. Fixed in GeckoDriver v0.27.0.

GeckoDriver DNS-rebinding vulnerability
=======================================

This is CVE-2021-4138. Fixed in GeckoDriver v0.30.0.

Chromedriver localhost-bound same-site/cross-origin request forgery
===================================================================

An XSS on another localhost-bound service could be exploited to trigger
arbitrary code execution.

Reference: https://bugs.chromium.org/p/chromium/issues/detail?id=1100097

Selenium server/Grid CSRF vulnerability
=======================================

A CVE-ID has been requested from MITRE.

This is fixed in SeleniumServer 4.

Selenium server/Grid DNS-rebinding vulnerability
================================================

A CVE-ID has been requested from MITRE.

This is fixed in SeleniumServer 4.
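
The following is an added example, not part of the original message and not code from GeckoDriver, ChromeDriver or Selenium. It sketches, from the defender's side, the request checks that address the three classes named above (DNS rebinding, CSRF, and cross-origin requests from another localhost-bound service) for a localhost-bound HTTP automation server. The names ALLOWED_HOSTS, hostname and screen_request, the ports, and the sample requests are assumptions made for illustration.

```python
# Added example: request screening for a localhost-bound automation server.
# ALLOWED_HOSTS and screen_request() are hypothetical names, not a real API.

ALLOWED_HOSTS = {"localhost", "127.0.0.1", "[::1]"}  # assumed allowlist


def hostname(host_header):
    """Return the lowercased host part of a Host header, without the port."""
    host = host_header.strip().lower()
    if host.startswith("["):  # bracketed IPv6 literal such as [::1]:4444
        return host[: host.find("]") + 1]
    return host.rsplit(":", 1)[0]


def screen_request(method, headers, allowed_origins=frozenset()):
    """Return (allowed, reason) for one incoming HTTP request."""
    h = {k.lower(): v for k, v in headers.items()}
    # DNS rebinding: the browser still sends the rebound name in Host.
    if hostname(h.get("host", "")) not in ALLOWED_HOSTS:
        return False, "host"
    # Browsers attach Origin to cross-origin POSTs, including ones coming
    # from another localhost port; a local WebDriver client sends none.
    origin = h.get("origin")
    if origin is not None and origin not in allowed_origins:
        return False, "origin"
    # Form-style POST bodies need no CORS preflight; require JSON instead.
    if method == "POST":
        ctype = h.get("content-type", "").split(";")[0].strip().lower()
        if ctype != "application/json":
            return False, "content-type"
    return True, "ok"


# Constructed sample requests (not captured traffic).
JSON = "application/json; charset=utf-8"
SAMPLES = [
    ("local client", {"Host": "localhost:4444", "Content-Type": JSON}),
    ("rebound name", {"Host": "rebind.example:4444", "Content-Type": JSON}),
    ("cross-site form", {"Host": "127.0.0.1:4444", "Content-Type": "text/plain",
                         "Origin": "https://other.example"}),
    ("other local app", {"Host": "localhost:4444", "Content-Type": JSON,
                         "Origin": "http://localhost:8080"}),
]

if __name__ == "__main__":
    for name, headers in SAMPLES:
        print(name, screen_request("POST", headers))
```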