Insecure Cross-Origin Resource Sharing Configuration

medium Web App Scanning Plugin ID 98983

Synopsis

Insecure Cross-Origin Resource Sharing Configuration

Description

Cross-Origin Resource Sharing (CORS) is a browser mechanism, driven by HTTP response headers such as Access-Control-Allow-Origin, that lets a web server selectively relax the restrictions the browser enforces under the Same-Origin Policy.

The Same-Origin Policy prevents script running in one origin (scheme, host and port) from reading the response to a request it makes to a different origin. This is what stops a malicious page on an attacker's domain from silently reading data out of another site where the victim's browser holds an authenticated session.

A CORS policy lets the application declare exceptions to this protection: the server names the external origins whose scripts are permitted to send requests to it and read the responses, and whether those requests may carry credentials (cookies, HTTP authentication) via Access-Control-Allow-Credentials.

An insecure CORS configuration, typically one that reflects an arbitrary Origin request header into Access-Control-Allow-Origin while also setting Access-Control-Allow-Credentials: true, allows any website to trigger requests with the user's credentials to the target application and read the responses. This enables attackers to perform privileged actions on behalf of the victim or to retrieve potentially sensitive information.

Solution

The application should be configured with an allowlist containing only specific, trusted origins that are permitted to perform CORS requests. Compare the Origin request header against that allowlist with an exact, full-origin match (scheme, host and port) rather than reflecting it back or matching on a substring, prefix or suffix, do not allow the literal value "null", and return no Access-Control-Allow-Origin header at all for origins that are not on the list.

See Also

https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS

https://www.w3.org/TR/cors/#security

Plugin Details

Severity: Medium

ID: 98983

Type: remote

Published: 3/6/2020

Updated: 11/26/2021

Scan Template: api, basic, full, pci, scan

Risk Information

VPR

Risk Factor: Low

Score: 3.5

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS Score Source: Tenable

CVSS v3

Risk Factor: Medium

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS Score Source: Tenable

Reference Information