cvelist GitHub_M CVELIST:CVE-2024-27302
History Mar 06, 2024 - 6:31 p.m.

CVE-2024-27302 Authorization Bypass Through User-Controlled Key in go-zero

2024-03-06 18:31:31
CWE-639
GitHub_M
www.cve.org
web framework
rpc
cors policy
vulnerability
version 1.4.4

CVSS3: 9.1 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score: 9.3 High
Confidence: High

EPSS: 0.0004 Low
Percentile: 9.1%

go-zero is a web and RPC framework. It lets users specify a CORS filter with a configurable allows parameter, which is an array of domains allowed in the CORS policy. However, isOriginAllowed uses strings.HasSuffix to check the origin, which allows a bypass via a malicious domain. This vulnerability can break the CORS policy, allowing any page to make requests and/or retrieve data on behalf of other users. Version 1.4.4 fixes this issue.
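The suffix check described above, next to a host-boundary check, as an added example (not go-zero's code and not its 1.4.4 fix). The function names, the allow-list and the Origin values are constructed for illustration, and trusting subdomains of an allowed domain is an assumption.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// suffixAllowed mirrors the check the advisory describes: the Origin header
// is accepted if the raw string merely ends with an allowed domain.
func suffixAllowed(origin string, allows []string) bool {
	for _, a := range allows {
		if strings.HasSuffix(origin, a) {
			return true
		}
	}
	return false
}

// strictAllowed parses the origin and accepts only an exact host match or a
// true subdomain (the leading dot enforces a DNS label boundary).
// Assumption: subdomains of an allowed domain are meant to be trusted.
func strictAllowed(origin string, allows []string) bool {
	u, err := url.Parse(origin)
	if err != nil || u.Host == "" || (u.Scheme != "https" && u.Scheme != "http") {
		return false
	}
	host := strings.ToLower(u.Hostname())
	for _, a := range allows {
		a = strings.ToLower(a)
		if host == a || strings.HasSuffix(host, "."+a) {
			return true
		}
	}
	return false
}

func main() {
	allows := []string{"example.com"} // constructed allow-list
	// Constructed Origin header values; the third is a different registrable
	// domain that happens to end in the allowed string.
	origins := []string{"https://example.com", "https://api.example.com",
		"https://notexample.com", "null"}
	for _, o := range origins {
		fmt.Printf("%-26s suffix=%-5v strict=%v\n", o,
			suffixAllowed(o, allows), strictAllowed(o, allows))
	}
}
```

When auditing a deployment, the same comparison can be run over Origin values seen in access logs to find requests that only a suffix match would have accepted.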

CNA Affected

[
  {
    "vendor": "zeromicro",
    "product": "go-zero",
    "versions": [
      {
        "version": "< 1.4.4",
        "status": "affected"
      }
    ]
  }
]
