Miggo Logo
Miggo Vulnerability Database
CVE-2024-36042

CVE-2024-36042: Silverpeas authentication bypass

9.8

CVSS Score
3.1

Basic Information

CVE ID
CVE-2024-36042
GHSA ID
GHSA-4w54-wwc9-x62c
EPSS Score
0.38387%
CWE
CWE-288
Published
6/3/2024
Updated
7/5/2024
KEV Status
No
Technology
TechnologyJava

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
org.silverpeas.core:silverpeas-coremaven< 6.3.56.3.5

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stemmed from two key flaws: 1) AuthenticationService's checkAuthentication method used isPasswordSet() to select between authentication methods, allowing passwordless requests to use domain-only authentication. 2) AuthenticationServlet's request handling failed to enforce remote authentication flags for passwordless flows. The patch added explicit remote authentication tracking (authenticated flag) and reversed the authentication path selection logic to require explicit proof of external authentication when bypassing password checks.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

Silv*rp**s ***or* *.*.* *llows *ut**nti**tion *yp*ss *y omittin* t** P*sswor* *i*l* to *ut**nti**tionS*rvl*t, o*t*n provi*in* *n un*ut**nti**t** us*r wit* sup*r**min ****ss.

Reasoning

T** vuln*r**ility st*mm** *rom two k*y *l*ws: *) *ut**nti**tionS*rvi**'s ****k*ut**nti**tion m*t*o* us** isP*sswor*S*t() to s*l**t **tw**n *ut**nti**tion m*t*o*s, *llowin* p*sswor*l*ss r*qu*sts to us* *om*in-only *ut**nti**tion. *) *ut**nti**tionS*rv