First published: Thu Nov 23 2023
CodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4. In affected versions, successful login attempts are recorded with the raw token stored in the log table. If a malicious person somehow views the data in the log table, they can obtain a raw token, which can then be used to send requests with that user's authority. This issue has been addressed in version 1.0.0-beta.8. Users are advised to upgrade. Users unable to upgrade should disable logging of successful login attempts via the configuration files.
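The workaround above ("disable logging of successful login attempts via the configuration files") as a concrete config override. This is an added example, not code from the Shield project or from the advisory. It assumes that Shield exposes the login-attempt recording policy through `Config\Auth::$recordLoginAttempt` with the constants `RECORD_LOGIN_ATTEMPT_NONE`, `RECORD_LOGIN_ATTEMPT_FAILURE` and `RECORD_LOGIN_ATTEMPT_ALL`, that the property is typed `int`, and that the application's `app/Config/Auth.php` extends `CodeIgniter\Shield\Config\Auth`; confirm all three against the `Config/Auth.php` shipped with your installed version before applying it.

```php
<?php
// app/Config/Auth.php (added example; assumed property name, constant names
// and parent class -- verify against your installed Shield version).

namespace Config;

use CodeIgniter\Shield\Config\Auth as ShieldAuth;

class Auth extends ShieldAuth
{
    // Weak setting in affected versions (< 1.0.0-beta.8): every attempt is
    // recorded, and a successful attempt writes the raw token to the log
    // table, so anyone who can read that table can reuse the token.
    //
    // public int $recordLoginAttempt = ShieldAuth::RECORD_LOGIN_ATTEMPT_ALL;

    // Workaround until the upgrade to 1.0.0-beta.8: keep recording failed
    // attempts (they carry no valid token and remain useful for spotting
    // brute-force activity) but stop recording successes, which is the only
    // path that stores the raw token.
    public int $recordLoginAttempt = ShieldAuth::RECORD_LOGIN_ATTEMPT_FAILURE;

    // RECORD_LOGIN_ATTEMPT_NONE also removes the exposure, at the cost of
    // losing the failed-login audit trail entirely.
}
```

After changing the setting, review the existing rows in the login log table: tokens already written there remain valid until they expire or are revoked, so the configuration change alone does not neutralise entries logged before it was applied.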
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
composer/codeigniter4/shield | <1.0.0-beta.8 | 1.0.0-beta.8 |
CodeIgniter Shield | =1.0.0-beta | |
CodeIgniter Shield | =1.0.0-beta2 | |
CodeIgniter Shield | =1.0.0-beta3 | |
CodeIgniter Shield | =1.0.0-beta4 | |
CodeIgniter Shield | =1.0.0-beta5 | |
CodeIgniter Shield | =1.0.0-beta6 | |
CodeIgniter Shield | =1.0.0-beta7 | |
If successful login attempts are recorded, the raw token for each login is stored in the log table; a malicious person who can view that table can obtain a raw token.
A malicious person can use a raw token to send requests with the authority of the user associated with that token.
The vulnerability affects codeigniter4/shield versions before 1.0.0-beta.8 and is fixed in 1.0.0-beta.8.
You can find more information about codeigniter4/shield and how to fix this vulnerability in the following references:
- https://github.com/codeigniter4/shield/security/advisories/GHSA-j72f-h752-mx4w
- https://github.com/codeigniter4/shield/commit/7e84c3fb3411294f70890819bfe51781bb9dc8e4
- https://codeigniter4.github.io/shield/getting_started/authenticators/