
GHSA-7fjv-25q9-2w88: State Guessing Vulnerability in laravel/socialite

CVSS Score: N/A

Basic Information

CVE ID: -
EPSS Score: -
CWE: -
Published: 5/15/2024
Updated: 5/15/2024
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: -

Affected package:
Package Name: laravel/socialite
Ecosystem: composer
Vulnerable Versions: >= 1.0.0, < 2.0.10
First Patched Version: 2.0.10

Vulnerability Intelligence

Root Cause Analysis

The vulnerability stemmed from improper handling of the OAuth state parameter. The key change in the patch replaces session->get() with session->pull() in the hasInvalidState method. get() leaves the state in the session after the check, so the value is not single-use and an attacker can keep submitting guesses against it, bypassing the single-use protection through brute-force guessing. The vulnerable function's logic (comparing the request input against a persistent session value) directly enabled this weakness. The test case modifications and commit message explicitly reference this state-management fix as the security resolution.
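The get()/pull() difference described above, as an added illustration that is not laravel/socialite's own code: a minimal in-memory session class standing in for Laravel's session store, with the pre-patch and patched shapes of the state check side by side. Function names and the scenario are constructed for this example.

```php
<?php
// Added illustration (not laravel/socialite's code): an in-memory stand-in for
// the two Laravel session operations the advisory contrasts.
final class Session
{
    private array $data = [];

    public function put(string $key, string $value): void { $this->data[$key] = $value; }

    // get(): reads the value and leaves it in the session.
    public function get(string $key): ?string { return $this->data[$key] ?? null; }

    // pull(): reads the value and removes it, so it can only be consumed once.
    public function pull(string $key): ?string
    {
        $value = $this->data[$key] ?? null;
        unset($this->data[$key]);
        return $value;
    }
}

// Pre-2.0.10 shape of the check: a mismatching callback leaves the stored state
// untouched, so the same value can be compared against again and again.
function hasInvalidStateVulnerable(Session $session, ?string $input): bool
{
    $state = $session->get('state');
    return !(strlen((string) $state) > 0 && $input === $state);
}

// Patched shape: pull() consumes the state on the first callback, matched or not,
// so any later callback finds no state and is rejected.
function hasInvalidStateFixed(Session $session, ?string $input): bool
{
    $state = $session->pull('state');
    return !(strlen((string) $state) > 0 && $input === $state);
}

// Constructed scenario: one wrong callback, then one carrying the real value.
$state = bin2hex(random_bytes(20));

$s = new Session();
$s->put('state', $state);
var_dump(hasInvalidStateVulnerable($s, 'wrong'));  // rejected, but state still stored
var_dump(hasInvalidStateVulnerable($s, $state));   // accepted: the value survived the miss

$s = new Session();
$s->put('state', $state);
var_dump(hasInvalidStateFixed($s, 'wrong'));  // rejected, and the state is consumed
var_dump(hasInvalidStateFixed($s, $state));   // also rejected: nothing left to match
```

The last two calls are the property the patch restores: after any single callback, the session value is gone, so a miss cannot be followed by further attempts against the same state.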

WAF Protection Rules

WAF Rule

laravel/socialite versions prior to 2.0.10 are susceptible to a security vulnerability related to state guessing during OAuth authentication. This vulnerability could potentially lead to session hijacking, allowing attackers to compromise user sessio
