14 matches found

RedhatCVE
added 2026/01/09 9:28 a.m. | 5 views

CVE-2023-45814

Bunkum is an open-source protocol-agnostic request server for custom game servers. First, a little bit of background. So, in the beginning, Bunkum's AuthenticationService only supported injecting IUsers. However, as Refresh and SoundShapesServer implemented permissions systems support for injecti...

CVSS 5.3 | AI score 6.8 | EPSS 0.00127
Exploits: 0 | References: 1

Veracode
added 2023/10/20 6:12 a.m. | 10 views

Information Disclosure

bunkum is vulnerable to Information Disclosure. An attacker could exploit this vulnerability by sending a specially crafted HTTP request to a vulnerable Bunkum application. This request would cause the application to release a token from its cache, and then immediately reuse the token. The attack...

CVSS 5.3 | AI score 6.8 | EPSS 0.00127
Exploits: 0 | References: 3 | Affected Software: 1

Github Security Blog
added 2023/10/19 4:11 p.m. | 20 views

Bunkum tokens cached in the AuthenticationService are susceptible to a use-after-free

Impact First, a little bit of background. So, in the beginning, Bunkum's AuthenticationService only supported injecting IUsers. However, as Refresh and SoundShapesServer implemented permissions systems support for injecting ITokens into endpoints was added. All was well until 4.0. Bunkum 4.0 then...

CVSS 5.3 | AI score 6.3 | EPSS 0.00127
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2023/10/19 4:11 p.m. | 15 views

GHSA-JRF2-H5J6-3RRQ Bunkum tokens cached in the AuthenticationService are susceptible to a use-after-free

Impact First, a little bit of background. So, in the beginning, Bunkum's AuthenticationService only supported injecting IUsers. However, as Refresh and SoundShapesServer implemented permissions systems support for injecting ITokens into endpoints was added. All was well until 4.0. Bunkum 4.0 then...

CVSS 5.3 | AI score 5 | EPSS 0.00127
Exploits: 0 | References: 4

GitLab Advisory Database
added 2023/10/19 12:0 a.m. | 20 views

Bunkum tokens cached in the AuthenticationService are susceptible to a use-after-free

Bunkum is an open-source protocol-agnostic request server for custom game servers. First, a little bit of background. So, in the beginning, Bunkum's AuthenticationService only supported injecting IUsers. However, as Refresh and SoundShapesServer implemented permissions systems support for injecti...

CVSS 5.3 | AI score 6.4 | EPSS 0.00127
Exploits: 0 | References: 4 | Affected Software: 1

Snyk
added 2023/10/18 10:50 p.m. | 1 view

Missing Release of Resource after Effective Lifetime

Overview Affected versions of this package are vulnerable to Missing Release of Resource after Effective Lifetime via the AuthenticationService. A cached token persists after the lifetime of the request due to an improper implementation of relations between ITokens and IUsers. An attacker can cau...

CVSS 5.3 | AI score 6.9 | EPSS 0.00127
Exploits: 0 | References: 2

NVD
added 2023/10/18 10:15 p.m. | 8 views

CVE-2023-45814

Bunkum is an open-source protocol-agnostic request server for custom game servers. First, a little bit of background. So, in the beginning, Bunkum's AuthenticationService only supported injecting IUsers. However, as Refresh and SoundShapesServer implemented permissions systems support for injecti...

CVSS 5.3 | AI score 5.2 | EPSS 0.00127
Exploits: 0 | References: 2

Prion
added 2023/10/18 10:15 p.m. | 11 views

Design/Logic Flaw

Bunkum is an open-source protocol-agnostic request server for custom game servers. First, a little bit of background. So, in the beginning, Bunkum's AuthenticationService only supported injecting IUsers. However, as Refresh and SoundShapesServer implemented permissions systems support for injecti...

CVSS 5 | AI score 5.2 | EPSS 0.00127
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2023/10/18 9:22 p.m. | 10 views

CVE-2023-45814 Tokens cached in the AuthenticationService are susceptible to reuse in Bunkum

Bunkum is an open-source protocol-agnostic request server for custom game servers. First, a little bit of background. So, in the beginning, Bunkum's AuthenticationService only supported injecting IUsers. However, as Refresh and SoundShapesServer implemented permissions systems support for injecti...

CVSS 5.3 | AI score 5.5 | EPSS 0.00127
Exploits: 0 | References: 2

CVE
added 2023/10/18 9:22 p.m. | 38 views

CVE-2023-45814

CVE-2023-45814 affects Bunkum’s AuthenticationService token caching. The issue arises from caching ITokens and IUser relations after 4.0, causing a use-after-free when a cached token outlives a request and is later accessed (IToken.User) in subsequent requests. Red Hat/OSV/GHSA entries summarize ...

CVSS 5.3 | AI score 5.1 | EPSS 0.00127
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2023/10/18 9:22 p.m. | 9 views

CVE-2023-45814 Tokens cached in the AuthenticationService are susceptible to reuse in Bunkum

Bunkum is an open-source protocol-agnostic request server for custom game servers. First, a little bit of background. So, in the beginning, Bunkum's AuthenticationService only supported injecting IUsers. However, as Refresh and SoundShapesServer implemented permissions systems support for injecti...

CVSS 5.3 | AI score 7.1 | EPSS 0.00127
Exploits: 0 | References: 2

OSV
added 2023/10/18 9:22 p.m. | 17 views

CVE-2023-45814 Tokens cached in the AuthenticationService are susceptible to reuse in Bunkum

Bunkum is an open-source protocol-agnostic request server for custom game servers. First, a little bit of background. So, in the beginning, Bunkum's AuthenticationService only supported injecting IUsers. However, as Refresh and SoundShapesServer implemented permissions systems support for injecti...

CVSS 5.3 | AI score 5.4 | EPSS 0.00127
Exploits: 0 | References: 4

Positive Technologies
added 2023/10/18 12:0 a.m. | 2 views

PT-2023-29704 · Bunkum · Bunkum

Name of the Vulnerable Software and Affected Versions: Bunkum versions prior to 4.2.1 Description: Bunkum is an open-source protocol-agnostic request server for custom game servers. The AuthenticationService initially supported injecting IUsers, but later added support for injecting ITokens into...

CVSS 5.3 | AI score 4.9 | EPSS 0.00127
Exploits: 0 | References: 8

CNNVD
added 2023/10/18 12:0 a.m. | 2 views

Bunkum Security Vulnerabilities

Bunkum is a protocol-independent, open source request server for custom game servers, built with flexibility and ease of use in mind. A security vulnerability exists in Bunkum that stems from the presence of a memory reuse after release issue...

CVSS 5.3 | AI score 6.8 | EPSS 0.00127
Exploits: 0 | References: 3