CVE-2024-57190
BaseFortify
Publication date: 2025-06-10
Last updated on: 2025-06-20
Assigner: MITRE
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| erxes | erxes | up to 1.6.1 (excluding 1.6.1) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Erxes versions prior to 1.6.1 allows an attacker to bypass authentication by sending a 'User' HTTP header with any user value. This lets the attacker access any GraphQL endpoint as if they were that user, due to improper access control that trusts the client-supplied 'User' header instead of verifying user identity securely on the server side. [1]
How can this vulnerability impact me?
The vulnerability can allow unauthorized users to impersonate any user and access sensitive data or perform actions through the GraphQL API without proper authentication. This can lead to data breaches, unauthorized data modification, and potential compromise of the system's integrity and confidentiality. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
You can detect this vulnerability by monitoring HTTP requests to your GraphQL endpoints for the presence of a 'User' HTTP header. Specifically, look for requests that include a 'User' header with arbitrary values, which indicates an attempt to bypass authentication. For example, using curl to test: `curl -H "User: arbitraryUser" https://your-erxes-instance/graphql` and observing whether unauthorized data is returned. Additionally, network monitoring tools or intrusion detection systems can be configured to alert on requests containing the 'User' header to GraphQL endpoints. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying the security hotfix that removes and ignores the 'User' HTTP header from incoming requests, ensuring that user identity is not derived from client-supplied headers. This involves updating your erxes platform to version 1.6.1 or later where the patch is applied. The patch deletes the 'User' header early in the request processing middleware and adds validation in the GraphQL resolver to prevent unauthorized access. Until the patch is applied, consider blocking or filtering requests containing the 'User' header at your network or application firewall. [1]
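The following is an added defensive example written for this page; it is not erxes project code and not the actual hotfix, and it illustrates both the detection approach from the previous answer and the mitigation described here. It assumes an Express-style `(req, res, next)` middleware shape with lower-cased header names (as Node's http module provides), a hypothetical `sessionStore` Map for server-side identity lookup, and a constructed JSON-per-line access-log format that records request headers.

```javascript
// Added example, not erxes code: strip a client-supplied 'User' header before
// any resolver runs, derive identity only from server-side state, and audit
// logs for requests that carried the header.

const SPOOFABLE_HEADER = 'user'; // header name compared case-insensitively

// Express-style middleware (assumed shape). Removes every spelling of the
// 'User' header so downstream code cannot read it, then continues the chain.
function stripUserHeader(req, res, next) {
  for (const name of Object.keys(req.headers)) {
    if (name.toLowerCase() === SPOOFABLE_HEADER) {
      delete req.headers[name];
    }
  }
  if (typeof next === 'function') next();
  return req;
}

// Resolve the acting user from a server-side session only. `sessionStore` is a
// hypothetical Map of session id -> user record; the cookie name 'sid' is an
// assumption. Returns null when there is no valid session.
function resolveUser(req, sessionStore) {
  const cookie = req.headers['cookie'] || '';
  const m = /(?:^|;\s*)sid=([^;]+)/.exec(cookie);
  if (!m) return null;
  return sessionStore.get(m[1]) || null;
}

// Detection over access logs: one JSON object per line (constructed format)
// with `src`, `path` and `headers`. Flags GraphQL requests carrying a 'User'
// header; malformed lines and non-GraphQL paths are skipped.
function auditLogLines(lines) {
  const findings = [];
  for (const line of lines) {
    let rec;
    try {
      rec = JSON.parse(line);
    } catch (e) {
      continue; // unparsable line, not a finding
    }
    if (!rec.path || !rec.path.startsWith('/graphql')) continue;
    const headers = rec.headers || {};
    const hit = Object.keys(headers).find(
      (h) => h.toLowerCase() === SPOOFABLE_HEADER
    );
    if (hit) {
      findings.push({ src: rec.src, path: rec.path, userHeader: headers[hit] });
    }
  }
  return findings;
}

// Constructed sample log lines for the audit above.
const SAMPLE_LOG = [
  '{"src":"10.0.0.5","path":"/graphql","headers":{"User":"admin","Content-Type":"application/json"}}',
  '{"src":"10.0.0.6","path":"/graphql?op=me","headers":{"user":"someone"}}',
  '{"src":"10.0.0.7","path":"/graphql","headers":{"Cookie":"sid=abc"}}',
  '{"src":"10.0.0.8","path":"/static/app.js","headers":{"User":"ignored"}}',
  'not json at all',
];

// Stand-alone run: show the audit result for the sample log.
console.log(auditLogLines(SAMPLE_LOG));
```

The middleware belongs as early in the chain as possible, ahead of body parsing and the GraphQL handler, so that no resolver ever sees the header; the audit function is the log-side equivalent of the network alert the previous answer recommends.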