CVE-2023-48396 - Vulnerability Details - OpenCVE

Web Authentication vulnerability in Apache SeaTunnel. Since the jwt key is hardcoded in the application, an attacker can forge any token to log in any user. Attacker can get secret key in /seatunnel-server/seatunnel-app/src/main/resources/application.yml and then create a token. This issue affects Apache SeaTunnel: 1.0.0. Users are recommended to upgrade to version 1.0.1, which fixes the issue.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2024/07/30/1
https://lists.apache.org/thread/1tdxfjksx0vb9gtyt77wlr6rdcy1qwmw

History

No history.

MITRE

Status: PUBLISHED

Assigner: apache

Published: 2024-07-30T08:15:33.731Z

Updated: 2025-02-13T17:18:18.107Z

Reserved: 2023-11-16T06:55:43.177Z

Link: CVE-2023-48396

Vulnrichment

Updated: 2024-08-02T21:30:34.963Z

NVD

Status : Awaiting Analysis

Published: 2024-07-30T09:15:02.540

Modified: 2024-11-21T08:31:37.970

Link: CVE-2023-48396

Redhat

No data.

{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2023-48396", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2023-11-16T06:55:43.177Z", "datePublished": "2024-07-30T08:15:33.731Z", "dateUpdated": "2025-02-13T17:18:18.107Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Apache SeaTunnel Web", "vendor": "Apache Software Foundation", "versions": [{"status": "affected", "version": "1.0.0"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "jiahua huang / Joyh"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Web Authentication vulnerability in Apache SeaTunnel. <span style=\"background-color: rgb(255, 255, 255);\">Since the jwt key is hardcoded in the application, an attacker can forge\nany token to log in any user.<br><br></span>Attacker can get <span style=\"background-color: rgb(255, 255, 255);\">secret key in <span style=\"background-color: rgb(255, 255, 255);\">/seatunnel-server/seatunnel-app/src/main/resources/application.yml and then create a token.</span></span><br><p>This issue affects Apache SeaTunnel: 1.0.0.</p><p>Users are recommended to upgrade to version 1.0.1, which fixes the issue.</p>"}], "value": "Web Authentication vulnerability in Apache SeaTunnel.\u00a0Since the jwt key is hardcoded in the application, an attacker can forge\nany token to log in any user.\n\nAttacker can get\u00a0secret key in\u00a0/seatunnel-server/seatunnel-app/src/main/resources/application.yml and then create a token.\nThis issue affects Apache SeaTunnel: 1.0.0.\n\nUsers are recommended to upgrade to version 1.0.1, which fixes the issue."}], "metrics": [{"other": {"content": {"text": "moderate"}, "type": "Textual description of severity"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-290", "description": "CWE-290 Authentication Bypass by Spoofing", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2024-07-30T08:20:06.207Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://lists.apache.org/thread/1tdxfjksx0vb9gtyt77wlr6rdcy1qwmw"}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/30/1"}], "source": {"discovery": "UNKNOWN"}, "title": "Apache SeaTunnel Web: Authentication bypass", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"affected": [{"vendor": "apache", "product": "seatunnel", "cpes": ["cpe:2.3:a:apache:seatunnel:1.0.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.0.0", "status": "affected"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-07-30T13:28:08.790672Z", "id": "CVE-2023-48396", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-30T15:20:29.540Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T21:30:34.963Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.apache.org/thread/1tdxfjksx0vb9gtyt77wlr6rdcy1qwmw"}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/30/1", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.apache.org/thread/1tdxfjksx0vb9gtyt77wlr6rdcy1qwmw", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/30/1", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T21:30:34.963Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-48396", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-07-30T13:28:08.790672Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:apache:seatunnel:1.0.0:*:*:*:*:*:*:*"], "vendor": "apache", "product": "seatunnel", "versions": [{"status": "affected", "version": "1.0.0"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-30T13:32:53.395Z"}}], "cna": {"title": "Apache SeaTunnel Web: Authentication bypass", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "reporter", "value": "jiahua huang / Joyh"}], "metrics": [{"other": {"type": "Textual description of severity", "content": {"text": "moderate"}}}], "affected": [{"vendor": "Apache Software Foundation", "product": "Apache SeaTunnel Web", "versions": [{"status": "affected", "version": "1.0.0"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://lists.apache.org/thread/1tdxfjksx0vb9gtyt77wlr6rdcy1qwmw", "tags": ["vendor-advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/07/30/1"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Web Authentication vulnerability in Apache SeaTunnel.\u00a0Since the jwt key is hardcoded in the application, an attacker can forge\nany token to log in any user.\n\nAttacker can get\u00a0secret key in\u00a0/seatunnel-server/seatunnel-app/src/main/resources/application.yml and then create a token.\nThis issue affects Apache SeaTunnel: 1.0.0.\n\nUsers are recommended to upgrade to version 1.0.1, which fixes the issue.", "supportingMedia": [{"type": "text/html", "value": "Web Authentication vulnerability in Apache SeaTunnel. <span style=\"background-color: rgb(255, 255, 255);\">Since the jwt key is hardcoded in the application, an attacker can forge\nany token to log in any user.<br><br></span>Attacker can get <span style=\"background-color: rgb(255, 255, 255);\">secret key in <span style=\"background-color: rgb(255, 255, 255);\">/seatunnel-server/seatunnel-app/src/main/resources/application.yml and then create a token.</span></span><br><p>This issue affects Apache SeaTunnel: 1.0.0.</p><p>Users are recommended to upgrade to version 1.0.1, which fixes the issue.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-290", "description": "CWE-290 Authentication Bypass by Spoofing"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2024-07-30T08:15:33.731Z"}}}, "cveMetadata": {"cveId": "CVE-2023-48396", "state": "PUBLISHED", "dateUpdated": "2024-08-02T21:30:34.963Z", "dateReserved": "2023-11-16T06:55:43.177Z", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "datePublished": "2024-07-30T08:15:33.731Z", "assignerShortName": "apache"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "Web Authentication vulnerability in Apache SeaTunnel.\u00a0Since the jwt key is hardcoded in the application, an attacker can forge\nany token to log in any user.\n\nAttacker can get\u00a0secret key in\u00a0/seatunnel-server/seatunnel-app/src/main/resources/application.yml and then create a token.\nThis issue affects Apache SeaTunnel: 1.0.0.\n\nUsers are recommended to upgrade to version 1.0.1, which fixes the issue."}, {"lang": "es", "value": " Vulnerabilidad de autenticaci\u00f3n web en Apache SeaTunnel. Dado que la clave jwt est\u00e1 codificada en la aplicaci\u00f3n, un atacante puede falsificar cualquier token para iniciar sesi\u00f3n en cualquier usuario. El atacante puede obtener la clave secreta en /seatunnel-server/seatunnel-app/src/main/resources/application.yml y luego crear un token. Este problema afecta a Apache SeaTunnel: 1.0.0. Se recomienda a los usuarios actualizar a la versi\u00f3n 1.0.1, que soluciona el problema."}], "id": "CVE-2023-48396", "lastModified": "2024-11-21T08:31:37.970", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-07-30T09:15:02.540", "references": [{"source": "security@apache.org", "url": "http://www.openwall.com/lists/oss-security/2024/07/30/1"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread/1tdxfjksx0vb9gtyt77wlr6rdcy1qwmw"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2024/07/30/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread/1tdxfjksx0vb9gtyt77wlr6rdcy1qwmw"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-290"}], "source": "security@apache.org", "type": "Secondary"}]}