SecuriTricks - CVE-2024-41657

Description

Casdoor is a UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform. In Casdoor 1.577.0 and earlier, a logic vulnerability exists in the beego filter CorsFilter that allows any website to make cross domain requests to Casdoor as the logged in user. Due to the a logic error in checking only for a prefix when authenticating the Origin header, any domain can create a valid subdomain with a valid subdomain prefix (Ex: localhost.example.com), allowing the website to make requests to Casdoor as the current signed-in user.

Product(s) Impacted

Vendor	Product	Versions
Casbin	Casdoor	*

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-697

Incorrect Comparison

The product compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses.

CWE-942

Permissive Cross-domain Policy with Untrusted Domains

The product uses a cross-domain policy file that includes domains that should not be trusted.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	casbin	casdoor	/	/	/	/	/	/	/	/

References

https://github.com/casdoor/casdoor/blob/v1.577.0/routers/cors_filter.go#L45

https://securitylab.github.com/advisories/GHSL-2024-035_GHSL-2024-036_casdoor/

CVSS Score

8.8 / 10

CVSS Data - 3.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

View Vector String

Timeline

Published: Aug. 20, 2024, 9:15 p.m.
Last Modified: Aug. 28, 2024, 4:13 p.m.

Status : Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

security-advisories@github.com

CVE-2024-41657