What is the severity of CVE-2024-1143?

CVE-2024-1143 is considered a critical vulnerability due to its potential for user session leakage and authentication bypass.

How do I fix CVE-2024-1143?

To mitigate CVE-2024-1143, upgrade Central Dogma to version 0.64.1 or later.

Which software is affected by CVE-2024-1143?

CVE-2024-1143 affects Central Dogma versions prior to 0.64.1.

What type of attack does CVE-2024-1143 involve?

CVE-2024-1143 involves a Cross-Site Scripting (XSS) attack vector targeting user sessions.

What is the impact of CVE-2024-1143 on users?

CVE-2024-1143 allows attackers to bypass authentication, potentially compromising sensitive user data.

Vulnerability/
CVE-2024-1143

critical

9.3

CWE

2/2/2024

1/8/2024

CVE-2024-1143: XSS

First published: Fri Feb 02 2024(Updated: )

### Vulnerability Overview A vulnerability has been identified in Central Dogma versions prior to 0.64.1, allowing for the leakage of user sessions and subsequent authentication bypass. The issue stems from a Cross-Site Scripting (XSS) attack vector that targets the RelayState of Security Assertion Markup Language (SAML). ### Impact Successful exploitation of this vulnerability enables malicious actors to leak user sessions, leading to the compromise of authentication mechanisms. This, in turn, can facilitate unauthorized access to sensitive resources. ### Patches This vulnerability is addressed and resolved in Central Dogma version 0.64.1 Users are strongly encouraged to upgrade to this version or later to mitigate the risk associated with the authentication bypass. ### Workarounds No viable workarounds are currently available for this vulnerability. It is recommended to apply the provided patch promptly. ### References - [OASIS SAML v2.0 Errata 05](https://docs.oasis-open.org/security/saml/v2.0/errata05/os/saml-v2.0-errata05-os.html#__RefHeading__8196_1983180497) - [OWASP XSS Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html#xss-defense-philosophy)

Credit: dl_cve@linecorp.com dl_cve@linecorp.com

Affected Software	Affected Version	How to fix
maven/com.linecorp.centraldogma:centraldogma-server	<0.64.1	0.64.1
Linecorp Central Dogma	<0.64.1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-1143?
CVE-2024-1143 is considered a critical vulnerability due to its potential for user session leakage and authentication bypass.
How do I fix CVE-2024-1143?
To mitigate CVE-2024-1143, upgrade Central Dogma to version 0.64.1 or later.
Which software is affected by CVE-2024-1143?
CVE-2024-1143 affects Central Dogma versions prior to 0.64.1.
What type of attack does CVE-2024-1143 involve?
CVE-2024-1143 involves a Cross-Site Scripting (XSS) attack vector targeting user sessions.
What is the impact of CVE-2024-1143 on users?
CVE-2024-1143 allows attackers to bypass authentication, potentially compromising sensitive user data.

agent/type
agent/first-publish-date
agent/references
agent/author
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/severity
agent/softwarecombine
collector/nvd-cve
agent/event
collector/github-advisory-latest
source/GitHub
alias/GHSA-34q3-p352-c7q8
alias/CVE-2024-1143
agent/weakness
collector/github-advisory
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/trending
agent/tags
agent/source
vendor/linecorp
canonical/linecorp central dogma
package-manager/maven

Frequently Asked Questions

What is the severity of CVE-2024-1143?
CVE-2024-1143 is considered a critical vulnerability due to its potential for user session leakage and authentication bypass.
How do I fix CVE-2024-1143?
To mitigate CVE-2024-1143, upgrade Central Dogma to version 0.64.1 or later.
Which software is affected by CVE-2024-1143?
CVE-2024-1143 affects Central Dogma versions prior to 0.64.1.
What type of attack does CVE-2024-1143 involve?
CVE-2024-1143 involves a Cross-Site Scripting (XSS) attack vector targeting user sessions.
What is the impact of CVE-2024-1143 on users?
CVE-2024-1143 allows attackers to bypass authentication, potentially compromising sensitive user data.

CVE-2024-1143: XSS

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-1143?

How do I fix CVE-2024-1143?

Which software is affected by CVE-2024-1143?

What type of attack does CVE-2024-1143 involve?

What is the impact of CVE-2024-1143 on users?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2024-1143?

How do I fix CVE-2024-1143?

Which software is affected by CVE-2024-1143?

What type of attack does CVE-2024-1143 involve?

What is the impact of CVE-2024-1143 on users?