CVE-2022-23554

Authentication bypass in Alpine

Severity Score

5.4

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Alpine is a scaffolding library in Java. Alpine prior to version 1.10.4 allows Authentication Filter bypass. The AuthenticationFilter relies on the request URI to evaluate if the user is accessing the swagger endpoint. By accessing a URL with a path such as /api/foo;%2fapi%2fswagger the contains condition will hold and will return from the authentication filter without aborting the request. Note that the principal object will not be assigned and therefore the issue wont allow user impersonation. This issue has been fixed in version 1.10.4. There are no known workarounds.

Alpine es una librería de andamios en Java. Alpine anterior a la versión 1.10.4 permite omitir el filtro de autenticación. AuthenticationFilter se basa en el URI de solicitud para evaluar si el usuario está accediendo al endpoint de swagger. Al acceder a una URL con una ruta como /api/foo;%2fapi%2fswagger, la condición contiene se mantendrá y regresará del filtro de autenticación sin cancelar la solicitud. Tenga en cuenta que el objeto principal no se asignará y, por lo tanto, el problema no permitirá la suplantación del usuario. Este problema se solucionó en la versión 1.10.4. No se conocen workarounds.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-01-19 CVE Reserved
2022-12-28 CVE Published
2024-07-20 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-287: Improper Authentication
CWE-697: Incorrect Comparison

CAPEC

References (3)

URL	Tag	Source
https://github.com/stevespringett/Alpine/releases/tag/alpine-parent-1.10.4	Release Notes
https://securitylab.github.com/advisories/GHSL-2021-1010-Alpine	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
https://github.com/stevespringett/Alpine/blob/f03dbda46229c26145a5f9f7f2660cc2c386be02/alpine/src/main/java/alpine/filters/AuthenticationFilter.java#L58-L60	2023-07-11

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Alpine Project Search vendor "Alpine Project"		Alpine Search vendor "Alpine Project" for product "Alpine"				< 1.10.4 Search vendor "Alpine Project" for product "Alpine" and version " < 1.10.4"		-		Affected