CVE-2023-33185

Django-SES is a drop-in mail backend for Django. The django_ses library implements a mail backend for Django using AWS Simple Email Service. The library exports the `SESEventWebhookView class` intended to receive signed requests from AWS to handle email bounces, subscriptions, etc. These requests are signed by AWS and are verified by django_ses, however the verification of this signature was found to be flawed as it allowed users to specify arbitrary public certificates. This issue was patched in version 3.5.0.

CVSS v3 5.4 MEDIUM

5.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/django-ses/django-ses/blob/3d627067935876487f9938310d5e1fbb249a7778/CVE/001-cert-url-signature-verification.md	Exploit Third Party Advisory
https://github.com/django-ses/django-ses/commit/b71b5f413293a13997b6e6314086cb9c22629795	Patch
https://github.com/django-ses/django-ses/security/advisories/GHSA-qg36-9jxh-fj25	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:django-ses_project:django-ses:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-05-26 21:15

Updated : 2023-06-06 18:09

NVD link : CVE-2023-33185

Mitre link : CVE-2023-33185

CVE.ORG link : CVE-2023-33185

JSON object : View

Products Affected

django-ses_project

django-ses

CWE

CWE-347

Improper Verification of Cryptographic Signature

{"id": "CVE-2023-33185", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.6, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 1.2}]}, "published": "2023-05-26T21:15:20.527", "references": [{"url": "https://github.com/django-ses/django-ses/blob/3d627067935876487f9938310d5e1fbb249a7778/CVE/001-cert-url-signature-verification.md", "tags": ["Exploit", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/django-ses/django-ses/commit/b71b5f413293a13997b6e6314086cb9c22629795", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/django-ses/django-ses/security/advisories/GHSA-qg36-9jxh-fj25", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-347"}]}, {"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-347"}]}], "descriptions": [{"lang": "en", "value": "Django-SES is a drop-in mail backend for Django. The django_ses library implements a mail backend for Django using AWS Simple Email Service. The library exports the `SESEventWebhookView class` intended to receive signed requests from AWS to handle email bounces, subscriptions, etc. These requests are signed by AWS and are verified by django_ses, however the verification of this signature was found to be flawed as it allowed users to specify arbitrary public certificates. This issue was patched in version 3.5.0."}], "lastModified": "2023-06-06T18:09:12.467", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:django-ses_project:django-ses:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B87C9D64-0546-4BC8-B456-D2EB87E34F57", "versionEndExcluding": "3.5.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}