Alpine is vulnerable to authentication bypass. The vulnerability exists in the `filter` function of `AuthenticationFilter.java`: by accessing a URL with a path that makes the filter return without aborting the request, an attacker can bypass administrative restrictions via the swagger endpoint.
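The failure class described above, as an added example that is not Alpine's code: it assumes (the page does not show the check) that the filter exempts swagger requests with a substring match on the request URI, and contrasts that with an exact match on the normalized path. The `EXEMPT` paths, method names and sample URIs are hypothetical and constructed for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Set;

// Added example, not Alpine's code. The exempt paths and the substring
// check are assumptions made for illustration.
public class SwaggerExemptionCheck {

    // Hypothetical allowlist of paths served without authentication.
    static final Set<String> EXEMPT = Set.of("/api/swagger.json", "/api/swagger.yaml");

    // Weak form: any request whose raw URI merely contains the marker is
    // exempted, so the filter returns and the request continues unauthenticated.
    static boolean weakIsExempt(String rawRequestUri) {
        return rawRequestUri.contains("/swagger");
    }

    // Hardened form: parse and normalize, refuse path parameters and encoded
    // separators, then require an exact allowlist match on the decoded path.
    static boolean strictIsExempt(String rawRequestUri) {
        final URI uri;
        try {
            uri = new URI(rawRequestUri).normalize();
        } catch (URISyntaxException e) {
            return false; // unparsable input is never exempt
        }
        String rawPath = uri.getRawPath();
        if (rawPath == null || rawPath.contains(";") || rawPath.toLowerCase().contains("%2f")) {
            return false;
        }
        return EXEMPT.contains(uri.getPath());
    }

    public static void main(String[] args) {
        // Constructed request URIs, not taken from the advisory.
        String[] samples = {
            "/api/swagger.json",
            "/api/v1/team?note=/swagger",
            "/api/v1/team/swagger",
            "/api/v1/team;x=/swagger",
        };
        for (String s : samples) {
            System.out.printf("%-30s weak=%-5b strict=%b%n", s, weakIsExempt(s), strictIsExempt(s));
        }
    }
}
```

Only the first sample is exempt under the strict check, while the weak check exempts all four; a regression test for an authentication filter should assert that every non-allowlisted path is aborted with a 401 rather than passed through.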
github.com/stevespringett/Alpine/blob/alpine-parent-2.2.0/alpine-server/src/main/java/alpine/server/filters/AuthenticationFilter.java#L59
github.com/stevespringett/Alpine/blob/f03dbda46229c26145a5f9f7f2660cc2c386be02/alpine/src/main/java/alpine/filters/AuthenticationFilter.java#L58-L60
github.com/stevespringett/Alpine/releases/tag/alpine-parent-1.10.4
securitylab.github.com/advisories/GHSL-2021-1010-Alpine/