Описание
Authentication bypass in SilverStripe GraphQL
The GraphQL module accepts basic-auth as an authentication method by default. This can be used to bypass MFA authentication if the silverstripe/mfa module is installed, which is now a commonly installed module. A users password is still required though.
Basic-auth has been removed as a default authentication method. If desired, it can be re-enabled by adding it to the authenticators key of a schema, or on SilverStripe\Graphql\Auth\Handler
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2020-26136
- https://forum.silverstripe.org/c/releases
- https://github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/CVE-2020-26136.yaml
- https://www.silverstripe.org/blog/tag/release
- https://www.silverstripe.org/download/security-releases
- https://www.silverstripe.org/download/security-releases/cve-2020-26136
Пакеты
Наименование
silverstripe/graphql
composer
Затронутые версииВерсия исправления
>= 3.0.0, < 3.5.0
3.5.0
Наименование
silverstripe/graphql
composer
Затронутые версииВерсия исправления
>= 4.0.0-alpha1, < 4.0.0-alpha2
4.0.0-alpha2
Связанные уязвимости
CVSS3: 6.5
nvd
больше 4 лет назад
In SilverStripe through 4.6.0-rc1, GraphQL doesn't honour MFA (multi-factor authentication) when using basic authentication.