oss-sec mailing list archives
Browser-mediated attacks on WebDriver servers
From: Gabriel Corona <gabriel.corona () enst-bretagne fr>
Date: Mon, 7 Feb 2022 22:04:17 +0100
Several browser-mediated attacks on WebDriver servers:

* GeckoDriver CSRF vulnerability (CVE-2020-15660);
* GeckoDriver DNS-rebinding vulnerability (CVE-2021-4138);
* Chromedriver localhost-bound same-site/cross-origin request forgery vulnerability;
* Selenium server/Grid CSRF vulnerability;
* Selenium server/Grid DNS-rebinding vulnerability.

In all cases this could be used to trigger arbitrary code execution.

GeckoDriver CSRF vulnerability
==============================

This is CVE-2020-15660. Fixed in GeckoDriver v0.27.0.

GeckoDriver DNS-rebinding vulnerability
=======================================

This is CVE-2021-4138. Fixed in GeckoDriver v0.30.0.

Chromedriver localhost-bound same-site/cross-origin request forgery
===================================================================

A XSS on another localhost-bound service could be exploited to trigger arbitrary code execution.

Reference: https://bugs.chromium.org/p/chromium/issues/detail?id=1100097

Selenium server/Grid CSRF vulnerability
=======================================

A CVE-ID has been requested from MITRE. This is fixed in SeleniumServer 4.

Selenium server/Grid DNS-rebinding vulnerability
================================================

A CVE-ID has been requested from MITRE. This is fixed in SeleniumServer 4.
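
The three request classes named in this advisory (CSRF, DNS rebinding, and same-site/cross-origin requests from another localhost service) can each be screened from request headers alone. The sketch below is an added example, not code from GeckoDriver, Chromedriver or Selenium; the function names, the allowed-host list, port 4444 and the sample requests are assumptions constructed for illustration.

```python
# Added example: header screening for a localhost-bound HTTP control server.
# Assumption: the server is only ever meant to be addressed by these names.
ALLOWED_HOSTNAMES = {"localhost", "127.0.0.1", "[::1]"}

def host_name(host_header):
    """Return the lower-cased host part of a Host header, without the port."""
    host = host_header.strip().lower()
    if host.startswith("["):  # IPv6 literal such as [::1]:4444
        return host[: host.find("]") + 1]
    return host.rsplit(":", 1)[0] if ":" in host else host

def screen_request(method, headers):
    """Return (allowed, reason) for one incoming request."""
    h = {k.lower(): v for k, v in headers.items()}
    # DNS rebinding: the request is same-origin from the browser's point of
    # view, but Host still carries the foreign name that was rebound.
    if host_name(h.get("host", "")) not in ALLOWED_HOSTNAMES:
        return False, "unexpected Host header"
    # Cross-origin or same-site request from a page: current browsers attach
    # Origin to such POSTs; a non-browser test client does not send it.
    if "origin" in h:
        return False, "browser Origin header present"
    # Form-style CSRF: without a CORS preflight a page can only send
    # urlencoded, multipart or text/plain bodies, never JSON.
    if method.upper() == "POST":
        ctype = h.get("content-type", "").split(";")[0].strip().lower()
        if ctype != "application/json":
            return False, "POST body is not application/json"
    return True, "ok"

# Constructed sample requests (label, method, headers).
SAMPLES = [
    ("local test client", "POST",
     {"Host": "localhost:4444", "Content-Type": "application/json; charset=utf-8"}),
    ("rebound DNS name", "POST",
     {"Host": "rebind.example.test:4444", "Content-Type": "application/json"}),
    ("page on another localhost port", "POST",
     {"Host": "localhost:4444", "Origin": "http://localhost:8080",
      "Content-Type": "application/json"}),
    ("form-style request", "POST",
     {"Host": "127.0.0.1:4444", "Content-Type": "text/plain"}),
]

if __name__ == "__main__":
    for label, method, headers in SAMPLES:
        print(f"{label:32} {screen_request(method, headers)}")
```
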