Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1tY2h4LTdqNjctOG1jZs4AA-4c
Casdoor CORS misconfiguration (GHSL-2024-035)
Casdoor is a UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform. In Casdoor 1.577.0 and earlier, a logic vulnerability in the beego filter CorsFilter allows any website to make cross-domain requests to Casdoor as the logged-in user. The filter validates the Origin header by checking only whether it starts with a trusted prefix, so the owner of any domain can create a host name that begins with a trusted value (for example, localhost.example.com) and have that site's requests to Casdoor accepted as the current signed-in user.
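The following Go program is an added example, not Casdoor's own filter code: it places a prefix-based Origin check of the kind the advisory describes next to a hardened check that parses the Origin and compares scheme, full host name and port exactly. The allow-list entries and the attacker host name (localhost.example.com, taken from the description) are illustrative assumptions.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// Trusted origins for this example (assumed; not Casdoor's real configuration).
// An entry without a port accepts any port on that host; an entry with a port
// requires that exact port.
var trustedOrigins = []string{
	"http://localhost",
	"https://localhost",
	"https://sso.example.com:8443",
}

// originAllowedByPrefix shows the bug class from the advisory: the Origin header
// is only tested for a trusted prefix, so "http://localhost.example.com" passes
// because the string begins with "http://localhost".
func originAllowedByPrefix(origin string) bool {
	for _, trusted := range trustedOrigins {
		if strings.HasPrefix(origin, trusted) {
			return true
		}
	}
	return false
}

// parseOrigin splits an Origin value into scheme, lower-cased host name and port.
// A well-formed Origin is scheme "://" host [":" port] with no userinfo, path,
// query or fragment; anything else (including the literal "null") is rejected.
func parseOrigin(origin string) (scheme, host, port string, ok bool) {
	u, err := url.Parse(origin)
	if err != nil || u.Opaque != "" || u.User != nil || u.Path != "" ||
		u.RawQuery != "" || u.Fragment != "" {
		return "", "", "", false
	}
	if (u.Scheme != "http" && u.Scheme != "https") || u.Hostname() == "" {
		return "", "", "", false
	}
	return u.Scheme, strings.ToLower(u.Hostname()), u.Port(), true
}

// originAllowedExact is the hardened check: the Origin is parsed and its scheme,
// whole host name and (when the entry pins one) port must equal a trusted entry.
// A registrable domain that merely starts with a trusted host name no longer matches.
func originAllowedExact(origin string) bool {
	scheme, host, port, ok := parseOrigin(origin)
	if !ok {
		return false
	}
	for _, trusted := range trustedOrigins {
		tScheme, tHost, tPort, ok := parseOrigin(trusted)
		if !ok {
			continue // malformed allow-list entry: never match it
		}
		if scheme == tScheme && host == tHost && (tPort == "" || port == tPort) {
			return true
		}
	}
	return false
}

func main() {
	// Constructed sample Origin headers, including the advisory's attacker pattern.
	samples := []string{
		"http://localhost",
		"http://localhost:7001",
		"http://localhost.example.com",
		"https://sso.example.com:8443",
		"https://sso.example.com",
		"http://localhost@attacker.example",
		"null",
	}
	fmt.Printf("%-36s %-8s %s\n", "Origin", "prefix", "exact")
	for _, o := range samples {
		fmt.Printf("%-36s %-8v %v\n", o, originAllowedByPrefix(o), originAllowedExact(o))
	}
}
```

Running the program prints one row per sample Origin; the third row shows the prefix check accepting localhost.example.com while the exact check rejects it. In a real filter the decision should also drive the Access-Control-Allow-Origin and Access-Control-Allow-Credentials response headers, which are what let a browser send the victim's session cookie cross-origin in the first place.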
Permalink: https://github.com/advisories/GHSA-mchx-7j67-8mcf
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1tY2h4LTdqNjctOG1jZs4AA-4c
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: 3 months ago
Updated: 3 months ago
CVSS Score: 8.1
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Identifiers: GHSA-mchx-7j67-8mcf, CVE-2024-41657
References:
- https://nvd.nist.gov/vuln/detail/CVE-2024-41657
- https://github.com/casdoor/casdoor/blob/v1.577.0/routers/cors_filter.go#L45
- https://securitylab.github.com/advisories/GHSL-2024-035_GHSL-2024-036_casdoor
- https://github.com/advisories/GHSA-mchx-7j67-8mcf
Blast Radius: 0.0
Affected Packages
go:github.com/casdoor/casdoor
Dependent packages: 0
Dependent repositories: 1
Downloads:
Affected Version Ranges: <= 1.557.0
No known fixed version
All affected versions: 1.0.0, 1.0.1, 1.0.2, 1.1.0, 1.2.0, 1.3.0, 1.4.0, 1.5.0, 1.6.0, 1.6.1, 1.7.0, 1.7.1, 1.7.2, 1.8.0, 1.8.1, 1.9.0, 1.10.0, 1.10.1, 1.10.2, 1.11.0, 1.11.1, 1.12.0, 1.12.1, 1.12.2, 1.13.0, 1.13.1, 1.13.2, 1.14.0, 1.14.1, 1.15.0, 1.15.1, 1.15.2, 1.15.3, 1.15.4, 1.16.0, 1.16.1, 1.16.2, 1.16.3, 1.16.4, 1.16.5, 1.16.6, 1.17.0, 1.18.0, 1.19.0, 1.19.1, 1.19.2, 1.20.0, 1.20.1, 1.20.2, 1.21.0, 1.21.1, 1.22.0, 1.23.0, 1.23.1, 1.23.2, 1.24.0, 1.24.1, 1.25.0, 1.25.1, 1.25.2, 1.26.0, 1.27.0, 1.27.1, 1.27.2, 1.27.3, 1.27.4, 1.27.5, 1.27.6, 1.28.0, 1.29.0, 1.29.1, 1.29.2, 1.30.0, 1.30.1, 1.30.2, 1.30.3, 1.30.4, 1.30.5, 1.31.0, 1.32.0, 1.32.1, 1.32.2, 1.32.3, 1.32.4, 1.33.0, 1.33.1, 1.33.2, 1.33.3, 1.33.4, 1.34.0, 1.34.1, 1.35.0, 1.35.1, 1.36.0, 1.36.1, 1.36.2, 1.37.0, 1.37.1, 1.37.2, 1.38.0, 1.39.0, 1.40.0, 1.41.0, 1.41.1, 1.42.0, 1.43.0, 1.44.0, 1.44.1, 1.44.2, 1.44.3, 1.44.4, 1.44.5, 1.44.6, 1.44.7, 1.44.8, 1.44.9, 1.45.0, 1.46.0, 1.47.0, 1.47.1, 1.47.2, 1.48.0, 1.49.0, 1.49.1, 1.50.0, 1.51.0, 1.52.0, 1.53.0, 1.54.0, 1.54.1, 1.54.2, 1.54.3, 1.54.4, 1.54.5, 1.54.6, 1.54.7, 1.54.8, 1.54.9, 1.55.0, 1.56.0, 1.56.1, 1.56.2, 1.57.0, 1.58.0, 1.58.1, 1.58.2, 1.58.3, 1.58.4, 1.58.5, 1.59.0, 1.60.0, 1.60.1, 1.61.0, 1.62.0, 1.62.1, 1.62.2, 1.62.3, 1.62.4, 1.62.5, 1.62.6, 1.62.7, 1.63.0, 1.63.1, 1.63.2, 1.64.0, 1.65.0, 1.66.0, 1.67.0, 1.67.1, 1.68.0, 1.69.0, 1.70.0, 1.70.1, 1.71.0, 1.71.1, 1.71.2, 1.71.3, 1.71.4, 1.71.5, 1.72.0, 1.73.0, 1.74.0, 1.74.1, 1.75.0, 1.75.1, 1.75.2, 1.76.0, 1.77.0, 1.77.1, 1.77.2, 1.77.3, 1.78.0, 1.78.1, 1.78.2, 1.79.0, 1.80.0, 1.80.1, 1.81.0, 1.81.1, 1.81.2, 1.81.3, 1.82.0, 1.82.1, 1.82.2, 1.83.0, 1.84.0, 1.84.1, 1.85.0, 1.86.0, 1.86.1, 1.87.0, 1.88.0, 1.88.1, 1.89.0, 1.90.0, 1.91.0, 1.91.1, 1.92.0, 1.93.0, 1.94.0, 1.94.1, 1.95.0, 1.96.0, 1.97.0, 1.97.1, 1.97.2, 1.97.3, 1.97.4, 1.98.0, 1.98.1, 1.98.2, 1.99.0, 1.99.1, 1.100.0, 1.101.0, 1.101.1, 1.101.2, 1.102.0, 1.103.0, 1.103.1, 1.104.0, 1.104.1, 1.104.2, 1.105.0, 1.105.1, 1.105.2, 1.106.0, 
1.107.0, 1.108.0, 1.109.0, 1.110.0, 1.110.1, 1.111.0, 1.111.1, 1.111.2, 1.112.0, 1.113.0, 1.113.1, 1.114.0, 1.115.0, 1.116.0, 1.116.1, 1.117.0, 1.118.0, 1.118.1, 1.118.2, 1.119.0, 1.119.1, 1.120.0, 1.121.0, 1.122.0, 1.122.1, 1.122.2, 1.123.0, 1.124.0, 1.125.0, 1.126.0, 1.126.1, 1.127.0, 1.128.0, 1.128.1, 1.129.0, 1.130.0, 1.130.1, 1.130.2, 1.131.0, 1.131.1, 1.131.2, 1.132.0, 1.132.1, 1.133.0, 1.134.0, 1.134.1, 1.135.0, 1.136.0, 1.137.0, 1.138.0, 1.139.0, 1.140.0, 1.140.1, 1.141.0, 1.142.0, 1.142.1, 1.143.0, 1.143.1, 1.144.0, 1.144.1, 1.145.0, 1.146.0, 1.146.1, 1.147.0, 1.148.0, 1.149.0, 1.150.0, 1.151.0, 1.151.1, 1.151.2, 1.152.0, 1.152.1, 1.153.0, 1.154.0, 1.155.0, 1.155.1, 1.155.2, 1.156.0, 1.157.0, 1.157.1, 1.157.2, 1.158.0, 1.159.0, 1.160.0, 1.161.0, 1.162.0, 1.163.0, 1.164.0, 1.164.1, 1.165.0, 1.166.0, 1.166.1, 1.167.0, 1.168.0, 1.168.1, 1.169.0, 1.170.0, 1.170.1, 1.170.2, 1.171.0, 1.171.1, 1.171.2, 1.172.0, 1.173.0, 1.173.1, 1.173.2, 1.174.0, 1.175.0, 1.175.1, 1.176.0, 1.177.0, 1.178.0, 1.179.0, 1.180.0, 1.180.1, 1.181.0, 1.182.0, 1.182.1, 1.182.2, 1.183.0, 1.183.1, 1.184.0, 1.184.1, 1.185.0, 1.186.0, 1.187.0, 1.188.0, 1.188.1, 1.189.0, 1.190.0, 1.191.0, 1.192.0, 1.193.0, 1.194.0, 1.195.0, 1.196.0, 1.196.1, 1.197.0, 1.198.0, 1.199.0, 1.199.1, 1.200.0, 1.201.0, 1.202.0, 1.203.0, 1.203.1, 1.204.0, 1.205.0, 1.206.0, 1.207.0, 1.208.0, 1.209.0, 1.210.0, 1.211.0, 1.212.0, 1.213.0, 1.213.1, 1.214.0, 1.215.0, 1.216.0, 1.217.0, 1.218.0, 1.219.0, 1.220.0, 1.220.1, 1.221.0, 1.222.0, 1.223.0, 1.224.0, 1.225.0, 1.226.0, 1.226.1, 1.227.0, 1.228.0, 1.228.1, 1.229.0, 1.230.0, 1.231.0, 1.232.0, 1.233.0, 1.234.0, 1.235.0, 1.236.0, 1.237.0, 1.238.0, 1.239.0, 1.240.0, 1.240.1, 1.240.2, 1.240.3, 1.241.0, 1.242.0, 1.242.1, 1.243.0, 1.244.0, 1.245.0, 1.245.1, 1.246.0, 1.246.1, 1.247.0, 1.248.0, 1.249.0, 1.250.0, 1.250.1, 1.251.0, 1.252.0, 1.252.1, 1.253.0, 1.254.0, 1.254.1, 1.255.0, 1.255.1, 1.256.0, 1.256.1, 1.257.0, 1.258.0, 1.259.0, 1.260.0, 1.261.0, 1.262.0, 1.262.1, 1.263.0, 
1.264.0, 1.264.1, 1.265.0, 1.265.1, 1.266.0, 1.267.0, 1.268.0, 1.269.0, 1.270.0, 1.270.1, 1.271.0, 1.272.0, 1.273.0, 1.274.0, 1.275.0, 1.276.0, 1.277.0, 1.278.0, 1.278.1, 1.279.0, 1.280.0, 1.281.0, 1.282.0, 1.283.0, 1.284.0, 1.284.1, 1.285.0, 1.286.0, 1.287.0, 1.288.0, 1.288.1, 1.289.0, 1.289.1, 1.290.0, 1.290.1, 1.291.0, 1.291.1, 1.292.0, 1.292.1, 1.293.0, 1.294.0, 1.295.0, 1.296.0, 1.297.0, 1.297.1, 1.298.0, 1.299.0, 1.299.1, 1.299.2, 1.300.0, 1.301.0, 1.301.1, 1.302.0, 1.302.1, 1.302.2, 1.302.3, 1.303.0, 1.304.0, 1.305.0, 1.305.1, 1.306.0, 1.307.0, 1.308.0, 1.309.0, 1.310.0, 1.311.0, 1.311.1, 1.312.0, 1.313.0, 1.314.0, 1.315.0, 1.315.1, 1.316.0, 1.316.1, 1.317.0, 1.318.0, 1.318.1, 1.319.0, 1.320.0, 1.320.1, 1.321.0, 1.322.0, 1.322.1, 1.323.0, 1.323.1, 1.323.2, 1.324.0, 1.325.0, 1.326.0, 1.326.1, 1.327.0, 1.328.0, 1.329.0, 1.329.1, 1.330.0, 1.331.0, 1.332.0, 1.333.0, 1.334.0, 1.335.0, 1.335.1, 1.335.2, 1.336.0, 1.337.0, 1.338.0, 1.339.0, 1.340.0, 1.341.0, 1.342.0, 1.342.1, 1.343.0, 1.344.0, 1.345.0, 1.346.0, 1.346.1, 1.347.0, 1.347.1, 1.348.0, 1.348.1, 1.348.2, 1.349.0, 1.350.0, 1.351.0, 1.351.1, 1.351.2, 1.352.0, 1.353.0, 1.354.0, 1.355.0, 1.356.0, 1.357.0, 1.358.0, 1.359.0, 1.360.0, 1.360.1, 1.360.2, 1.361.0, 1.361.1, 1.362.0, 1.362.1, 1.363.0, 1.363.1, 1.364.0, 1.365.0, 1.366.0, 1.366.1, 1.366.2, 1.367.0, 1.368.0, 1.369.0, 1.369.1, 1.370.0, 1.371.0, 1.372.0, 1.372.1, 1.372.2, 1.373.0, 1.374.0, 1.374.1, 1.375.0, 1.375.1, 1.375.2, 1.375.3, 1.376.0, 1.376.1, 1.377.0, 1.377.1, 1.377.2, 1.378.0, 1.378.1, 1.379.0, 1.380.0, 1.380.1, 1.381.0, 1.381.1, 1.381.2, 1.382.0, 1.382.1, 1.383.0, 1.384.0, 1.385.0, 1.385.1, 1.386.0, 1.387.0, 1.387.1, 1.388.0, 1.389.0, 1.390.0, 1.391.0, 1.392.0, 1.393.0, 1.394.0, 1.394.1, 1.395.0, 1.395.1, 1.396.0, 1.396.1, 1.397.0, 1.398.0, 1.399.0, 1.400.0, 1.400.1, 1.401.0, 1.402.0, 1.402.1, 1.403.0, 1.403.1, 1.404.0, 1.405.0, 1.406.0, 1.406.1, 1.406.2, 1.407.0, 1.408.0, 1.409.0, 1.410.0, 1.411.0, 1.412.0, 1.412.1, 1.413.0, 1.414.0, 1.415.0, 
1.416.0, 1.417.0, 1.418.0, 1.418.1, 1.419.0, 1.420.0, 1.421.0, 1.421.1, 1.422.0, 1.423.0, 1.423.1, 1.424.0, 1.425.0, 1.426.0, 1.427.0, 1.428.0, 1.429.0, 1.429.1, 1.430.0, 1.431.0, 1.432.0, 1.433.0, 1.434.0, 1.434.1, 1.435.0, 1.436.0, 1.437.0, 1.438.0, 1.439.0, 1.439.1, 1.440.0, 1.441.0, 1.442.0, 1.443.0, 1.444.0, 1.445.0, 1.445.1, 1.445.2, 1.446.0, 1.446.1, 1.447.0, 1.448.0, 1.449.0, 1.450.0, 1.451.0, 1.452.0, 1.453.0, 1.454.0, 1.454.1, 1.455.0, 1.456.0, 1.457.0, 1.458.0, 1.459.0, 1.460.0, 1.461.0, 1.462.0, 1.463.0, 1.464.0, 1.465.0, 1.466.0, 1.467.0, 1.468.0, 1.469.0, 1.470.0, 1.471.0, 1.472.0, 1.473.0, 1.473.1, 1.474.0, 1.475.0, 1.476.0, 1.477.0, 1.478.0, 1.479.0, 1.479.1, 1.480.0, 1.481.0, 1.481.1, 1.482.0, 1.482.1, 1.483.0, 1.484.0, 1.485.0, 1.485.1, 1.486.0, 1.487.0, 1.488.0, 1.489.0, 1.489.1, 1.490.0, 1.491.0, 1.492.0, 1.493.0, 1.494.0, 1.495.0, 1.495.1, 1.496.0, 1.497.0, 1.498.0, 1.499.0, 1.499.1, 1.499.2, 1.500.0, 1.501.0, 1.502.0, 1.503.0, 1.503.1, 1.504.0, 1.505.0, 1.506.0, 1.507.0, 1.508.0, 1.509.0, 1.510.0, 1.510.1, 1.511.0, 1.512.0, 1.513.0, 1.513.1, 1.514.0, 1.515.0, 1.516.0, 1.516.1, 1.517.0, 1.518.0, 1.519.0, 1.520.0, 1.521.0, 1.521.1, 1.522.0, 1.523.0, 1.524.0, 1.524.1, 1.525.0, 1.526.0, 1.527.0, 1.527.1, 1.528.0, 1.528.1, 1.529.0, 1.530.0, 1.531.0, 1.532.0, 1.533.0, 1.534.0, 1.534.1, 1.534.2, 1.535.0, 1.536.0, 1.537.0, 1.538.0, 1.539.0, 1.540.0, 1.541.0, 1.542.0, 1.543.0, 1.544.0, 1.545.0, 1.546.0, 1.546.1, 1.547.0, 1.547.1, 1.548.0, 1.548.1, 1.549.0, 1.550.0, 1.550.1, 1.551.0, 1.552.0, 1.552.1, 1.553.0, 1.553.1, 1.554.0, 1.554.1, 1.555.0, 1.555.1, 1.556.0, 1.556.1, 1.557.0