Lucene search
Veracode Vulnerability DatabaseVERACODE:38653HistoryDec 27, 2022 - 3:26 a.m.
Authentication Bypass
2022-12-2703:26:06
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
16
alpine
authentication bypass
filter function
authenticationfilter.java
url path
administrative restrictions
swagger endpoint
0.001 Low
EPSS
Percentile
39.7%
Alpine is vulnerable to authentication bypass.The vulnerability exists in filter function of AuthenticationFilter.java because of by accessing a URL with a path without aborting the request which allows an attacker to bypass administrative restrictions via swagger endpoint.
References
github.com/stevespringett/Alpine/blob/alpine-parent-2.2.0/alpine-server/src/main/java/alpine/server/filters/AuthenticationFilter.java#L59
github.com/stevespringett/Alpine/blob/f03dbda46229c26145a5f9f7f2660cc2c386be02/alpine/src/main/java/alpine/filters/AuthenticationFilter.java#L58-L60
github.com/stevespringett/Alpine/releases/tag/alpine-parent-1.10.4
securitylab.github.com/advisories/GHSL-2021-1010-Alpine/
Related
nvd
nvd
CVE-2022-23554
2022-12-28 19:15:09
prion
prion
Race condition
2022-12-28 19:15:00
cve
cve
CVE-2022-23554
2022-12-28 19:15:09
cvelist
cvelist
CVE-2022-23554 Authentication bypass in Alpine
2022-12-28 18:12:41
osv
osv
CVE-2022-23554
2022-12-28 19:15:09