Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

auth-server Privilege Escalation Vulnerability #1646

cdchris12 opened this issue Feb 8, 2020 · 0 comments

auth-server Privilege Escalation Vulnerability #1646

cdchris12 opened this issue Feb 8, 2020 · 0 comments


Copy link

@cdchris12 cdchris12 commented Feb 8, 2020

A security issue was discovered in the auth-server component of Lagoon, affecting version 1.2.0

Am I vulnerable?

If you are using Lagoon version 1.2.0 or Lagoon 1.1.0, yes

How do I mitigate this vulnerability?

This vulnerability can be mitigated by upgrading to Lagoon 1.2.1

Vulnerability Details

A vulnerability has been discovered in the auth-server Lagoon component which allows any user with access to any project's cli pod to request a new JWT token for any supplied user ID. Though these Lagoon user ID values are not public, they are visible with a bit of investigation. This could potentially allow any user to impersonate and obtain the privileges of any other user, including a Lagoon administrator.

This issue was resolved by implementing JWT token authentication for all calls to the auth-server, with commit 3774144.

A special thanks goes out to @smlx for discovering and documenting this vulnerability and to @rocketeerbkw for quickly implementing a fix.

@cdchris12 cdchris12 added the 9-security label Feb 8, 2020
@cdchris12 cdchris12 self-assigned this Feb 8, 2020
@cdchris12 cdchris12 closed this Feb 8, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
1 participant
You can’t perform that action at this time.