Products
Casdoor
- 1.577.0 and earlier
Source
security-advisories@github.com
CVE-2024-41657 details
Last Modified : Aug. 20, 2024, 9:15 p.m.
Description
Casdoor is a UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform. In Casdoor 1.577.0 and earlier, a logic vulnerability exists in the beego filter CorsFilter that allows any website to make cross-domain requests to Casdoor as the logged-in user. The filter validates the Origin header by checking only that it begins with an allowed origin rather than matching it exactly, so an attacker can register a hostname that starts with an allowed value (the advisory's example is localhost.example.com, which passes a prefix check against localhost). A page served from such a host is then granted CORS access and can make credentialed requests to Casdoor as the currently signed-in user.
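The following Go example, added here and not taken from Casdoor or the advisory, models the class of bug described above: a prefix-only Origin check beside an exact-match replacement, plus the CORS response headers each produces. The allow-list, the function names and the attacker hostnames are constructed for the demonstration and are not Casdoor's configuration or code.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// Constructed allow-list for this example (not Casdoor's real origin list).
// The bare "http://localhost" entry is the kind of development origin that
// makes the "localhost.example.com" case in the advisory work.
var allowedOrigins = []string{
	"http://localhost",
	"https://sso.example.org",
}

// originAllowedByPrefix models the flaw described in the advisory: the Origin
// header is accepted if it merely starts with an allowed origin, so
// "http://localhost.example.com" passes because it starts with "http://localhost".
func originAllowedByPrefix(origin string) bool {
	for _, allowed := range allowedOrigins {
		if strings.HasPrefix(origin, allowed) {
			return true
		}
	}
	return false
}

// originAllowedExact is the hardened check: parse the Origin, require a bare
// scheme://host[:port] form (no path, query or fragment), and compare the
// whole scheme+host against each allowed origin. A hostname that merely
// begins with an allowed host no longer matches. The opaque "null" Origin
// fails url.Parse's scheme/host requirements and is rejected too.
func originAllowedExact(origin string) bool {
	u, err := url.Parse(origin)
	if err != nil || u.Scheme == "" || u.Host == "" ||
		u.Path != "" || u.RawQuery != "" || u.Fragment != "" {
		return false
	}
	candidate := strings.ToLower(u.Scheme + "://" + u.Host)
	for _, allowed := range allowedOrigins {
		if candidate == strings.ToLower(allowed) {
			return true
		}
	}
	return false
}

// corsHeaders returns the response headers a filter would emit for the given
// Origin under the given check. Reflecting the Origin together with
// Access-Control-Allow-Credentials: true is what lets an attacker page read
// responses as the logged-in user, so nothing is emitted unless the check passes.
func corsHeaders(origin string, allowed func(string) bool) map[string]string {
	h := map[string]string{}
	if allowed(origin) {
		h["Access-Control-Allow-Origin"] = origin
		h["Access-Control-Allow-Credentials"] = "true"
	}
	return h
}

func main() {
	for _, o := range []string{
		"http://localhost",
		"http://localhost.example.com",          // attacker-controlled host from the advisory
		"https://sso.example.org.attacker.test", // same trick against the second entry
		"https://evil.test",
		"null",
	} {
		fmt.Printf("%-40s prefix=%-5v exact=%v\n", o, originAllowedByPrefix(o), originAllowedExact(o))
	}
}
```

Running it shows the two attacker-controlled hosts accepted by the prefix check and rejected by the exact check, while the two legitimate origins pass both. The exact check compares scheme and host as a unit, so changing the scheme (http versus https) or appending anything to the host is also rejected.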
CVSS Score
8.1
Weakness
Weakness | Name | Description |
---|---|---|
CWE-942 | Permissive Cross-domain Policy with Untrusted Domains | The product uses a cross-domain policy file that includes domains that should not be trusted. |
CVSS Data
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
Base Score
8.1
Exploitability Score
2.8
Impact Score
5.2
Base Severity
HIGH
Vector String : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
References
URL | Source |
---|---|
https://github.com/casdoor/casdoor/blob/v1.577.0/routers/cors_filter.go#L45 | security-advisories@github.com |
https://securitylab.github.com/advisories/GHSL-2024-035_GHSL-2024-036_casdoor/ | security-advisories@github.com |