What is the impact of CVE-2023-48708?

If successful login attempts are recorded, the raw tokens are stored in the log table and can be obtained by a malicious person, allowing them to send requests with the user's authority.

How can a malicious person obtain raw tokens from the log table?

If a malicious person somehow views the data in the log table, they can obtain a raw token.

What can a malicious person do with a raw token obtained from the log table?

A malicious person can use a raw token to send requests with the authority of the user associated with that token.

What version of codeigniter4/shield is affected by CVE-2023-48708?

The vulnerability affects codeigniter4/shield version 1.0.0-beta.8 exclusively.

Where can I find more information about codeigniter4/shield and fixing this vulnerability?

You can find more information about codeigniter4/shield and how to fix this vulnerability in the references provided: https://github.com/codeigniter4/shield/security/advisories/GHSA-j72f-h752-mx4w, https://github.com/codeigniter4/shield/commit/7e84c3fb3411294f70890819bfe51781bb9dc8e4, https://codeigniter4.github.io/shield/getting_started/authenticators/

Vulnerability/
CVE-2023-48708

medium

6.5

CWE

532

23/11/2023

24/11/2023

2/8/2024

CVE-2023-48708: Insertion of Sensitive Information into Log in codeigniter4/shield

First published: Thu Nov 23 2023(Updated: )

### Impact If successful login attempts are recorded, the raw tokens are stored in the log table. If a malicious person somehow views the data in the log table, he or she can obtain a raw token, which can then be used to send a request with that user's authority. When you (1) **use the following authentiactors**, - [AccessTokens](https://codeigniter4.github.io/shield/references/authentication/tokens/) (`tokens`) - [JWT](https://codeigniter4.github.io/shield/addons/jwt/) (`jwt`) - [HmacSha256](https://codeigniter4.github.io/shield/references/authentication/hmac/) (`hmac`) and you (2) **log successful login attempts**, the raw tokens are stored. ### Patches Upgrade to Shield v1.0.0-beta.8 or later. ### Workarounds Disable logging for successful login attempts by the configuration files. - AccessTokens or HmacSha256 - Set `Config\AuthToken::$recordLoginAttempt` to `Auth::RECORD_LOGIN_ATTEMPT_FAILURE` or `Auth::RECORD_LOGIN_ATTEMPT_NONE` - JWT - Set `Config\AuthJWT::$recordLoginAttempt` to `Auth::RECORD_LOGIN_ATTEMPT_FAILURE` or `Auth::RECORD_LOGIN_ATTEMPT_NONE` ### References - https://codeigniter4.github.io/shield/getting_started/authenticators/ ### For more information If you have any questions or comments about this advisory: * Open an issue or discussion in [codeigniter4/shield](https://github.com/codeigniter4/shield) * Email us at [security@codeigniter.com](mailto:security@codeigniter.com)

Credit: security-advisories@github.com security-advisories@github.com

Affected Software	Affected Version	How to fix
composer/codeigniter4/shield	<1.0.0-beta.8	1.0.0-beta.8
CodeIgniter Shield	=1.0.0-beta
CodeIgniter Shield	=1.0.0-beta2
CodeIgniter Shield	=1.0.0-beta3
CodeIgniter Shield	=1.0.0-beta4
CodeIgniter Shield	=1.0.0-beta5
CodeIgniter Shield	=1.0.0-beta6
CodeIgniter Shield	=1.0.0-beta7

Remedy

https://github.com/codeigniter4/shield/commit/7e84c3fb3411294f70890819bfe51781bb9dc8e4

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the impact of CVE-2023-48708?
If successful login attempts are recorded, the raw tokens are stored in the log table and can be obtained by a malicious person, allowing them to send requests with the user's authority.
How can a malicious person obtain raw tokens from the log table?
If a malicious person somehow views the data in the log table, they can obtain a raw token.
What can a malicious person do with a raw token obtained from the log table?
A malicious person can use a raw token to send requests with the authority of the user associated with that token.
What version of codeigniter4/shield is affected by CVE-2023-48708?
The vulnerability affects codeigniter4/shield version 1.0.0-beta.8 exclusively.
Where can I find more information about codeigniter4/shield and fixing this vulnerability?
You can find more information about codeigniter4/shield and how to fix this vulnerability in the references provided: https://github.com/codeigniter4/shield/security/advisories/GHSA-j72f-h752-mx4w, https://github.com/codeigniter4/shield/commit/7e84c3fb3411294f70890819bfe51781bb9dc8e4, https://codeigniter4.github.io/shield/getting_started/authenticators/

collector/github-advisory-latest
alias/GHSA-j72f-h752-mx4w
alias/CVE-2023-48708
collector/nvd-api
collector/nvd-cve
collector/github-advisory
agent/author
agent/type
agent/softwarecombine
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/references
agent/title
agent/last-modified-date
agent/severity
agent/remedy
agent/weakness
agent/tags
agent/description
agent/event
agent/trending
package-manager/composer
vendor/codeigniter
canonical/codeigniter shield
version/codeigniter shield/1.0.0-beta
version/codeigniter shield/1.0.0-beta2
version/codeigniter shield/1.0.0-beta3
version/codeigniter shield/1.0.0-beta4
version/codeigniter shield/1.0.0-beta5
version/codeigniter shield/1.0.0-beta6
version/codeigniter shield/1.0.0-beta7