CVE-2024-1143: XSS

Published Feb 2, 2024
·
Updated

### Vulnerability Overview A vulnerability has been identified in Central Dogma versions prior to 0.64.1, allowing for the leakage of user sessions and subsequent authentication bypass. The issue stems from a Cross-Site Scripting (XSS) attack vector that targets the RelayState of Security Assertion Markup Language (SAML). ### Impact Successful exploitation of this vulnerability enables malicious actors to leak user sessions, leading to the compromise of authentication mechanisms. This, in turn, can facilitate unauthorized access to sensitive resources. ### Patches This vulnerability is addressed and resolved in Central Dogma version 0.64.1 Users are strongly encouraged to upgrade to this version or later to mitigate the risk associated with the authentication bypass. ### Workarounds No viable workarounds are currently available for this vulnerability. It is recommended to apply the provided patch promptly. ### References - [OASIS SAML v2.0 Errata 05](https://docs.oasis-open.org/security/saml/v2.0/errata05/os/saml-v2.0-errata05-os.html#__RefHeading__8196_1983180497) - [OWASP XSS Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html#xss-defense-philosophy)

Affected Software

2 affected componentsFixes available
maven/com.linecorp.centraldogma:centraldogma-server<0.64.1
0.64.1
linecorp Central Dogma<0.64.1

Event History

Feb 2, 2024
CVE Published
via MITRE·06:01 AM
Data Sourced
via MITRE·06:01 AM
DescriptionSeverityWeakness
Advisory Published
via GitHub·04:55 PM
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2024-1143?

CVE-2024-1143 is considered a critical vulnerability due to its potential for user session leakage and authentication bypass.

2

How do I fix CVE-2024-1143?

To mitigate CVE-2024-1143, upgrade Central Dogma to version 0.64.1 or later.

3

Which software is affected by CVE-2024-1143?

CVE-2024-1143 affects Central Dogma versions prior to 0.64.1.

4

What type of attack does CVE-2024-1143 involve?

CVE-2024-1143 involves a Cross-Site Scripting (XSS) attack vector targeting user sessions.

5

What is the impact of CVE-2024-1143 on users?

CVE-2024-1143 allows attackers to bypass authentication, potentially compromising sensitive user data.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203