ghsa-34q3-p352-c7q8
Vulnerability from github
Vulnerability Overview
A vulnerability has been identified in Central Dogma versions prior to 0.64.1, allowing for the leakage of user sessions and subsequent authentication bypass. The issue stems from a Cross-Site Scripting (XSS) attack vector that targets the RelayState of Security Assertion Markup Language (SAML).
Impact
Successful exploitation of this vulnerability enables malicious actors to leak user sessions, leading to the compromise of authentication mechanisms. This, in turn, can facilitate unauthorized access to sensitive resources.
Patches
This vulnerability is addressed and resolved in Central Dogma version 0.64.1 Users are strongly encouraged to upgrade to this version or later to mitigate the risk associated with the authentication bypass.
Workarounds
No viable workarounds are currently available for this vulnerability. It is recommended to apply the provided patch promptly.
References
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "com.linecorp.centraldogma:centraldogma-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.64.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-1143"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": true,
"github_reviewed_at": "2024-02-02T16:55:25Z",
"nvd_published_at": null,
"severity": "CRITICAL"
},
"details": "### Vulnerability Overview\nA vulnerability has been identified in Central Dogma versions prior to 0.64.1, allowing for the leakage of user sessions and subsequent authentication bypass. The issue stems from a Cross-Site Scripting (XSS) attack vector that targets the RelayState of Security Assertion Markup Language (SAML).\n\n### Impact\nSuccessful exploitation of this vulnerability enables malicious actors to leak user sessions, leading to the compromise of authentication mechanisms. This, in turn, can facilitate unauthorized access to sensitive resources.\n\n### Patches\nThis vulnerability is addressed and resolved in Central Dogma version 0.64.1 Users are strongly encouraged to upgrade to this version or later to mitigate the risk associated with the authentication bypass.\n\n### Workarounds\nNo viable workarounds are currently available for this vulnerability. It is recommended to apply the provided patch promptly.\n\n### References\n- [OASIS SAML v2.0 Errata 05](https://docs.oasis-open.org/security/saml/v2.0/errata05/os/saml-v2.0-errata05-os.html#__RefHeading__8196_1983180497)\n- [OWASP XSS Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html#xss-defense-philosophy)",
"id": "GHSA-34q3-p352-c7q8",
"modified": "2024-04-25T16:46:07Z",
"published": "2024-02-02T16:55:25Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/line/centraldogma/security/advisories/GHSA-34q3-p352-c7q8"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1143"
},
{
"type": "WEB",
"url": "https://github.com/line/centraldogma/commit/8edcf913b88101aff70008156b0881850e005783"
},
{
"type": "PACKAGE",
"url": "https://github.com/line/centraldogma"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Central Dogma Authentication Bypass Vulnerability via Session Leakage"
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.