CVE-2023-48396 (GCVE-0-2023-48396)

Vulnerability from cvelistv5 – Published: 2024-07-30 08:15 – Updated: 2025-02-13 17:18
VLAI?
Summary
Web Authentication vulnerability in Apache SeaTunnel. Since the jwt key is hardcoded in the application, an attacker can forge any token to log in any user. Attacker can get secret key in /seatunnel-server/seatunnel-app/src/main/resources/application.yml and then create a token. This issue affects Apache SeaTunnel: 1.0.0. Users are recommended to upgrade to version 1.0.1, which fixes the issue.
Severity ?
No CVSS data available.
CWE
  • CWE-290 - Authentication Bypass by Spoofing
Assigner
References
Impacted products
Vendor Product Version
Apache Software Foundation Apache SeaTunnel Web Affected: 1.0.0
Create a notification for this product.
Credits
jiahua huang / Joyh
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:apache:seatunnel:1.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "seatunnel",
            "vendor": "apache",
            "versions": [
              {
                "status": "affected",
                "version": "1.0.0"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 9.1,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-48396",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-30T13:28:08.790672Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-30T15:20:29.540Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T21:30:34.963Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread/1tdxfjksx0vb9gtyt77wlr6rdcy1qwmw"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/07/30/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache SeaTunnel Web",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "jiahua huang / Joyh"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Web Authentication vulnerability in Apache SeaTunnel.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSince the jwt key is hardcoded in the application, an attacker can forge\nany token to log in any user.\u003cbr\u003e\u003cbr\u003e\u003c/span\u003eAttacker can get\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003esecret key in\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e/seatunnel-server/seatunnel-app/src/main/resources/application.yml and then create a token.\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e\u003cp\u003eThis issue affects Apache SeaTunnel: 1.0.0.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 1.0.1, which fixes the issue.\u003c/p\u003e"
            }
          ],
          "value": "Web Authentication vulnerability in Apache SeaTunnel.\u00a0Since the jwt key is hardcoded in the application, an attacker can forge\nany token to log in any user.\n\nAttacker can get\u00a0secret key in\u00a0/seatunnel-server/seatunnel-app/src/main/resources/application.yml and then create a token.\nThis issue affects Apache SeaTunnel: 1.0.0.\n\nUsers are recommended to upgrade to version 1.0.1, which fixes the issue."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "moderate"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-290",
              "description": "CWE-290 Authentication Bypass by Spoofing",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-30T08:20:06.207Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/1tdxfjksx0vb9gtyt77wlr6rdcy1qwmw"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/07/30/1"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Apache SeaTunnel Web: Authentication bypass",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2023-48396",
    "datePublished": "2024-07-30T08:15:33.731Z",
    "dateReserved": "2023-11-16T06:55:43.177Z",
    "dateUpdated": "2025-02-13T17:18:18.107Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Web Authentication vulnerability in Apache SeaTunnel.\\u00a0Since the jwt key is hardcoded in the application, an attacker can forge\\nany token to log in any user.\\n\\nAttacker can get\\u00a0secret key in\\u00a0/seatunnel-server/seatunnel-app/src/main/resources/application.yml and then create a token.\\nThis issue affects Apache SeaTunnel: 1.0.0.\\n\\nUsers are recommended to upgrade to version 1.0.1, which fixes the issue.\"}, {\"lang\": \"es\", \"value\": \" Vulnerabilidad de autenticaci\\u00f3n web en Apache SeaTunnel. Dado que la clave jwt est\\u00e1 codificada en la aplicaci\\u00f3n, un atacante puede falsificar cualquier token para iniciar sesi\\u00f3n en cualquier usuario. El atacante puede obtener la clave secreta en /seatunnel-server/seatunnel-app/src/main/resources/application.yml y luego crear un token. Este problema afecta a Apache SeaTunnel: 1.0.0. Se recomienda a los usuarios actualizar a la versi\\u00f3n 1.0.1, que soluciona el problema.\"}]",
      "id": "CVE-2023-48396",
      "lastModified": "2024-11-21T08:31:37.970",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"baseScore\": 9.1, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.2}]}",
      "published": "2024-07-30T09:15:02.540",
      "references": "[{\"url\": \"http://www.openwall.com/lists/oss-security/2024/07/30/1\", \"source\": \"security@apache.org\"}, {\"url\": \"https://lists.apache.org/thread/1tdxfjksx0vb9gtyt77wlr6rdcy1qwmw\", \"source\": \"security@apache.org\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/07/30/1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread/1tdxfjksx0vb9gtyt77wlr6rdcy1qwmw\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "security@apache.org",
      "vulnStatus": "Awaiting Analysis",
      "weaknesses": "[{\"source\": \"security@apache.org\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-290\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-48396\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2024-07-30T09:15:02.540\",\"lastModified\":\"2025-07-10T18:49:05.210\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Web Authentication vulnerability in Apache SeaTunnel.\u00a0Since the jwt key is hardcoded in the application, an attacker can forge\\nany token to log in any user.\\n\\nAttacker can get\u00a0secret key in\u00a0/seatunnel-server/seatunnel-app/src/main/resources/application.yml and then create a token.\\nThis issue affects Apache SeaTunnel: 1.0.0.\\n\\nUsers are recommended to upgrade to version 1.0.1, which fixes the issue.\"},{\"lang\":\"es\",\"value\":\" Vulnerabilidad de autenticaci\u00f3n web en Apache SeaTunnel. Dado que la clave jwt est\u00e1 codificada en la aplicaci\u00f3n, un atacante puede falsificar cualquier token para iniciar sesi\u00f3n en cualquier usuario. El atacante puede obtener la clave secreta en /seatunnel-server/seatunnel-app/src/main/resources/application.yml y luego crear un token. Este problema afecta a Apache SeaTunnel: 1.0.0. Se recomienda a los usuarios actualizar a la versi\u00f3n 1.0.1, que soluciona el problema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-290\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:seatunnel:1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2275FCE7-D9F5-4541-8193-85423472BC64\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2024/07/30/1\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread/1tdxfjksx0vb9gtyt77wlr6rdcy1qwmw\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/07/30/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread/1tdxfjksx0vb9gtyt77wlr6rdcy1qwmw\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://lists.apache.org/thread/1tdxfjksx0vb9gtyt77wlr6rdcy1qwmw\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/07/30/1\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T21:30:34.963Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-48396\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-30T13:28:08.790672Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:apache:seatunnel:1.0.0:*:*:*:*:*:*:*\"], \"vendor\": \"apache\", \"product\": \"seatunnel\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0.0\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-30T13:32:53.395Z\"}}], \"cna\": {\"title\": \"Apache SeaTunnel Web: Authentication bypass\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"jiahua huang / Joyh\"}], \"metrics\": [{\"other\": {\"type\": \"Textual description of severity\", \"content\": {\"text\": \"moderate\"}}}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache SeaTunnel Web\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0.0\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://lists.apache.org/thread/1tdxfjksx0vb9gtyt77wlr6rdcy1qwmw\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/07/30/1\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Web Authentication vulnerability in Apache SeaTunnel.\\u00a0Since the jwt key is hardcoded in the application, an attacker can forge\\nany token to log in any user.\\n\\nAttacker can get\\u00a0secret key in\\u00a0/seatunnel-server/seatunnel-app/src/main/resources/application.yml and then create a token.\\nThis issue affects Apache SeaTunnel: 1.0.0.\\n\\nUsers are recommended to upgrade to version 1.0.1, which fixes the issue.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Web Authentication vulnerability in Apache SeaTunnel.\u0026nbsp;\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eSince the jwt key is hardcoded in the application, an attacker can forge\\nany token to log in any user.\u003cbr\u003e\u003cbr\u003e\u003c/span\u003eAttacker can get\u0026nbsp;\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003esecret key in\u0026nbsp;\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e/seatunnel-server/seatunnel-app/src/main/resources/application.yml and then create a token.\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e\u003cp\u003eThis issue affects Apache SeaTunnel: 1.0.0.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 1.0.1, which fixes the issue.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-290\", \"description\": \"CWE-290 Authentication Bypass by Spoofing\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2024-07-30T08:15:33.731Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-48396\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-02T21:30:34.963Z\", \"dateReserved\": \"2023-11-16T06:55:43.177Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2024-07-30T08:15:33.731Z\", \"assignerShortName\": \"apache\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.