FKIE_CVE-2023-48396

Vulnerability from fkie_nvd - Published: 2024-07-30 09:15 - Updated: 2025-07-10 18:49
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
Web Authentication vulnerability in Apache SeaTunnel. Since the jwt key is hardcoded in the application, an attacker can forge any token to log in any user. Attacker can get secret key in /seatunnel-server/seatunnel-app/src/main/resources/application.yml and then create a token. This issue affects Apache SeaTunnel: 1.0.0. Users are recommended to upgrade to version 1.0.1, which fixes the issue.
References
security@apache.orghttp://www.openwall.com/lists/oss-security/2024/07/30/1Mailing List, Third Party Advisory
security@apache.orghttps://lists.apache.org/thread/1tdxfjksx0vb9gtyt77wlr6rdcy1qwmwMailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2024/07/30/1Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread/1tdxfjksx0vb9gtyt77wlr6rdcy1qwmwMailing List, Vendor Advisory
Impacted products
Vendor Product Version
apache seatunnel 1.0.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:seatunnel:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2275FCE7-D9F5-4541-8193-85423472BC64",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Web Authentication vulnerability in Apache SeaTunnel.\u00a0Since the jwt key is hardcoded in the application, an attacker can forge\nany token to log in any user.\n\nAttacker can get\u00a0secret key in\u00a0/seatunnel-server/seatunnel-app/src/main/resources/application.yml and then create a token.\nThis issue affects Apache SeaTunnel: 1.0.0.\n\nUsers are recommended to upgrade to version 1.0.1, which fixes the issue."
    },
    {
      "lang": "es",
      "value": " Vulnerabilidad de autenticaci\u00f3n web en Apache SeaTunnel. Dado que la clave jwt est\u00e1 codificada en la aplicaci\u00f3n, un atacante puede falsificar cualquier token para iniciar sesi\u00f3n en cualquier usuario. El atacante puede obtener la clave secreta en /seatunnel-server/seatunnel-app/src/main/resources/application.yml y luego crear un token. Este problema afecta a Apache SeaTunnel: 1.0.0. Se recomienda a los usuarios actualizar a la versi\u00f3n 1.0.1, que soluciona el problema."
    }
  ],
  "id": "CVE-2023-48396",
  "lastModified": "2025-07-10T18:49:05.210",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.2,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-07-30T09:15:02.540",
  "references": [
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2024/07/30/1"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.apache.org/thread/1tdxfjksx0vb9gtyt77wlr6rdcy1qwmw"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2024/07/30/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.apache.org/thread/1tdxfjksx0vb9gtyt77wlr6rdcy1qwmw"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-290"
        }
      ],
      "source": "security@apache.org",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.