CVE-2024-31205

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-31205
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-31205.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-31205
Related
  • GHSA-ff69-fwjf-3c9w
Published
2024-04-08T15:15:08Z
Modified
2025-01-08T15:59:43.861559Z
Summary
[none]
Details

Saleor is an e-commerce platform. Starting in version 3.10.0 and prior to versions 3.14.64, 3.15.39, 3.16.39, 3.17.35, 3.18.31, and 3.19.19, an attacker may bypass cross-site request forgery (CSRF) validation when calling the refresh token mutation with an empty string. When a user provides an empty string in the refreshToken mutation while the token persists in the JWT_REFRESH_TOKEN_COOKIE_NAME cookie, the application omits validation against the CSRF token and returns a valid access token. Versions 3.14.64, 3.15.39, 3.16.39, 3.17.35, 3.18.31, and 3.19.19 contain a patch for the issue. As a workaround, one may replace saleor.graphql.account.mutations.authentication.refresh_token.py.get_refresh_token. This will fix the issue, but be aware that it returns JWT_MISSING_TOKEN instead of JWT_INVALID_TOKEN.

References

Affected packages

Git / github.com/saleor/saleor

Affected ranges

Type
GIT
Repo
https://github.com/saleor/saleor
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

2.*

2.0.0
2.1.0
2.10.0
2.10.0-rc.1
2.10.0-rc.2
2.2.0
2.3.0
2.4.0
2.5.0
2.6.0
2.7.0
2.8.0
2.9.0

3.*

3.0.0-a.0
3.11.0-a.0
3.12.0-a.0
3.13.0-a.0
3.15.0-a.0
3.16.0-a.0
3.17.0-a.0
3.18.0-a.0
3.19.0-a.0
3.2.0

v2016.*

v2016.07.0

v2017.*

v2017.02.0
v2017.02.1
v2017.03.0
v2017.03.1
v2017.03.2
v2017.03.3
v2017.03.4
v2017.07.0
v2017.09
v2017.10
v2017.11
v2017.12
v2017.12.1

v2018.*

v2018.01
v2018.02
v2018.03
v2018.04
v2018.05
v2018.06
v2018.08
v2018.09