Lucene search

[email protected]NVD:CVE-2024-41657

HistoryAug 20, 2024 - 9:15 p.m.

CVE-2024-41657

2024-08-2021:15:13

CWE-942

CWE-697

[email protected]

web.nvd.nist.gov

casdoor

identity and access management

single-sign-on

logic vulnerability

corsfilter

cross domain requests

origin header

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

38.0%

JSON

Casdoor is a UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform. In Casdoor 1.577.0 and earlier, a logic vulnerability exists in the beego filter CorsFilter that allows any website to make cross domain requests to Casdoor as the logged in user. Due to the a logic error in checking only for a prefix when authenticating the Origin header, any domain can create a valid subdomain with a valid subdomain prefix (Ex: localhost.example.com), allowing the website to make requests to Casdoor as the current signed-in user.

Affected configurations

Nvd

Node

casbincasdoor

VendorProductVersionCPE
casbincasdoor*cpe:2.3:a:casbin:casdoor:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
casbin	casdoor	*	cpe:2.3:a:casbin:casdoor::::::::

References

github.com/casdoor/casdoor/blob/v1.577.0/routers/cors_filter.go#L45

securitylab.github.com/advisories/GHSL-2024-035_GHSL-2024-036_casdoor/

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

38.0%

JSON

Related for NVD:CVE-2024-41657

osv2 vulnrichment1 cvelist1 veracode1 cve1 github1