
Open Redirect Vulnerability in Sign-In with GitHub Functionality

Moderate
Cliftonz published GHSA-xxv3-m43w-gv79 Jul 6, 2023

Package

@novu/api

Affected versions

<= v0.15

Patched versions

v0.16

Description

We have recently identified and addressed a significant security vulnerability: an open redirect in the "Sign In with GitHub" functionality of our login process. It could have allowed an attacker to force a victim into opening a malicious URL and thus potentially log into Novu under the victim's account, gaining full control of it. This flaw has been fixed in v0.16.

Am I affected?

This vulnerability affected Novu Cloud, and it affected Open-Source deployments only if you had manually enabled GitHub OAuth on your self-hosted instance of Novu.

Vulnerability Details

  • CVE Identifier: CVE-2023-35948
  • Severity: Medium
  • CVSS Score: 5.4
  • Affected Component: Sign In with GitHub functionality
  • Vulnerable Version: <= v0.15
  • Fixed in Version: v0.16
  • Fixed in PR: (#3510)

Description

An open redirect vulnerability was found in the "Sign In with GitHub" functionality. It allowed an attacker to craft a malicious URL which, once the victim had been tricked into clicking it, could let the attacker log into the application as the victim.

Discovery and Attribution

This vulnerability was responsibly disclosed by Kentaro Ishii of GMO Cybersecurity by Ierae, Inc. We are grateful for his diligence and commitment to ensuring the security of our community.

Mitigation

We strongly recommend that all users update to the latest patched version, which includes a fix for this vulnerability. The patch validates incoming redirect targets, preventing the exploit. Users are also advised to be wary of suspicious links and to confirm the legitimacy of a URL before proceeding.
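The kind of redirect-target validation the patch describes, shown as an added example rather than Novu's own code: the candidate redirect is resolved relative to the application's own origin and accepted only if the result lands on an allow-listed https origin. The origin `https://app.example.com`, the function names and the default landing path are assumptions for illustration.

```typescript
// Added example, not code from the Novu project. All names and values are
// hypothetical: ALLOWED_ORIGINS, DEFAULT_REDIRECT and the self origin are
// constructed for this illustration.

// Origins the application is willing to send a browser to after sign-in.
const ALLOWED_ORIGINS = new Set<string>(["https://app.example.com"]);

// Where to send the user when the requested redirect is rejected.
const DEFAULT_REDIRECT = "/";

/**
 * Resolve `candidate` the way a browser would, relative to our own origin,
 * and accept it only if the absolute URL points at an allowed origin over
 * https. Returns the normalised URL string, or null when rejected.
 */
function validateRedirect(
  candidate: string | null | undefined,
  selfOrigin = "https://app.example.com",
): string | null {
  if (!candidate) return null;
  let url: URL;
  try {
    // Parsing with a base makes "/dash" resolve to our own origin, while
    // protocol-relative or absolute inputs resolve to wherever they point.
    url = new URL(candidate, selfOrigin);
  } catch {
    return null; // unparsable input is rejected, never passed through
  }
  // Reject javascript:, data:, mailto:, plain http and any other scheme.
  if (url.protocol !== "https:") return null;
  // Reject embedded credentials; the WHATWG parser already treats the part
  // before "@" as userinfo, but refusing it outright keeps intent explicit.
  if (url.username || url.password) return null;
  // The parser has normalised backslashes, case and default ports, so an
  // exact origin comparison (scheme + host + port) is the right check;
  // a prefix or substring match on the host would be bypassable.
  if (!ALLOWED_ORIGINS.has(url.origin)) return null;
  return url.href;
}

/** Pick the final target: the validated redirect or the safe default. */
function resolveRedirect(candidate: string | null | undefined): string {
  return validateRedirect(candidate) ?? DEFAULT_REDIRECT;
}
```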

Acknowledgments

We would like to extend our sincere gratitude to Kentaro Ishii for his responsible disclosure. This demonstrates the positive impact that the security community can have when they work in collaboration with open-source projects. Together, we can ensure a safer environment for all users.

Future Steps

We are committed to the security of our users and will continue to investigate and resolve any potential vulnerabilities. We encourage all users and security researchers to report any suspicious activity or potential security vulnerabilities to our security team.

In conclusion, we suggest that all users who run an Open-Source deployment of Novu update their systems to the latest version. We apologize for any inconvenience this may have caused and thank you for your understanding.


CVSS v3 base metrics

Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: Required
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: None

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
