CVE-2024-30173 – causal/oidc

Package

Manager: composer
Name: causal/oidc
Vulnerable Version: >=0 <2.1.0

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N/E:F/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: N/A pctlN/A

Details

OpenID Connect Authentication (oidc) Typo3 extension Authentication Bypass The authentication service of the extension does not verify the OpenID Connect authentication state from the user lookup chain. Instead, the authentication service authenticates every valid frontend user from the user lookup chain, where the frontend user field “tx_oidc” is not empty. In scenarios, where either ext:felogin is active or where `$GLOBALS['TYPO3_CONF_VARS'][‘FE’][‘checkFeUserPid’]` is disabled, an attacker can login to OpenID Connect frontend user accounts by providing a valid username and any password.

Metadata

Created: 2024-04-02T18:21:49Z
Modified: 2024-04-02T18:21:49Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/04/GHSA-hhf8-f5w9-g6vh/GHSA-hhf8-f5w9-g6vh.json
CWE IDs: ["CWE-284"]
Alternative ID: GHSA-hhf8-f5w9-g6vh
Finding: F039
Auto approve: 1