We have recently identified and addressed a significant security vulnerability concerning an open redirect in the "Sign In with GitHub" functionality of our login process. This vulnerability could have allowed an attacker who tricked a victim into opening a malicious URL to log into Novu under the victim's account, gaining full control of it. This flaw has been fixed in v0.16.
Am I affected?
This vulnerability only affected Novu Cloud and Open-Source deployments where you had manually enabled GitHub OAuth on your self-hosted instance of Novu.
Vulnerability Details
- CVE Identifier: CVE-2023-35948
- Severity: Medium
- CVSS Score: 5.4
- Affected Component: Sign In with GitHub functionality
- Vulnerable Version: <= v0.15
- Fixed in Version: v0.16
- Fixed in PR: (#3510)
Description
An open redirect vulnerability was found in the "Sign In with GitHub" functionality. This vulnerability allowed an attacker to craft a malicious URL which, once the victim was tricked into clicking it, could lead to the attacker logging into the application as the victim.
Discovery and Attribution
This vulnerability was responsibly disclosed by Kentaro Ishii of GMO Cybersecurity by Ierae, Inc. We are grateful for his diligence and commitment to ensuring the security of our community.
Mitigation
We strongly recommend that all users update to the latest patched version, which includes a fix for this vulnerability. The patch validates incoming redirect targets, preventing the exploit. Users are also advised to be wary of suspicious links and to confirm the legitimacy of URLs before proceeding.
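The advisory says the fix validates incoming redirects. The block below is an added illustration of what such validation looks like for a login flow; it is not Novu's code and does not reproduce PR #3510. The application origin, the allowlisted docs origin and the sample inputs are constructed for the example. Instead of passing a redirect parameter straight to the response, the target is resolved against the app's own origin, off-origin results fall back to a safe default, and same-origin results are returned as a path so the scheme and host are never attacker-controlled.

```typescript
// Added example (not Novu's own code): resolve a post-login redirect target
// against the application's own origin so that a user-supplied URL can never
// send the browser, and the freshly issued session, to another site.
// APP_ORIGIN is a hypothetical value; a real deployment reads it from config.
const APP_ORIGIN = new URL("https://app.example.test").origin;

// Optional additional origins allowed as redirect targets (constructed).
const EXTRA_ALLOWED_ORIGINS = new Set<string>(["https://docs.example.test"]);

/**
 * Returns a redirect target that is safe to hand to the framework's redirect().
 * - Relative input is resolved against APP_ORIGIN. The WHATWG parser also
 *   normalises shapes such as "//host/path" or "/\\host" that browsers treat
 *   as absolute URLs, so they are compared by origin like any other input.
 * - Non-http(s) schemes (javascript:, data:, ...) are rejected.
 * - Same-origin targets come back as path + query + fragment only.
 * - Allowlisted extra origins come back as a full, re-serialised URL.
 * - Everything else falls back to a fixed, trusted path.
 */
function resolveSafeRedirect(candidate: string | undefined, fallback = "/"): string {
  if (!candidate) return fallback;

  let parsed: URL;
  try {
    parsed = new URL(candidate, APP_ORIGIN);
  } catch {
    return fallback; // unparsable input is never passed through
  }

  if (parsed.protocol !== "https:" && parsed.protocol !== "http:") return fallback;

  if (parsed.origin === APP_ORIGIN) {
    return parsed.pathname + parsed.search + parsed.hash;
  }
  if (EXTRA_ALLOWED_ORIGINS.has(parsed.origin)) {
    return parsed.href;
  }
  return fallback;
}

// Constructed inputs a login handler might receive in a redirect parameter,
// including the common shapes a naive "starts with /" check lets through.
const SAMPLE_INPUTS: string[] = [
  "/dashboard?tab=1#top",
  "https://app.example.test/settings",
  "https://docs.example.test/guide",
  "//evil.example/phish",
  "/\\evil.example/phish",
  "https://app.example.test@evil.example/",
  "https://app.example.test.evil.example/",
  "javascript:void(0)",
];

// Maps each sample input to the target the handler would actually redirect to.
function classifySamples(): Record<string, string> {
  const out: Record<string, string> = {};
  for (const input of SAMPLE_INPUTS) out[input] = resolveSafeRedirect(input);
  return out;
}

console.log(classifySamples());
```

The important design choice is comparing the parsed `origin` rather than string-prefix-matching the raw parameter: prefix checks are what let protocol-relative, backslash and userinfo variants slip through, while the parser resolves all of them to a host that is either the application's or not.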
Acknowledgments
We would like to extend our sincere gratitude to Kentaro Ishii for his responsible disclosure. This demonstrates the positive impact that the security community can have when they work in collaboration with open-source projects. Together, we can ensure a safer environment for all users.
Future Steps
We are committed to the security of our users and will continue to investigate and resolve any potential vulnerabilities. We encourage all users and security researchers to report any suspicious activity or potential security vulnerabilities to our security team.
In conclusion, we suggest that all users with an Open-Source deployment of Novu update their systems to the latest version. We apologize for any inconvenience this may have caused and thank you for your understanding.