CVE-2025-53003
Awaiting Analysis - Queue
BaseFortify

Publication date: 2025-07-01

Last updated on: 2025-07-03

Assigner: GitHub, Inc.

Description
The Janssen Project is an open-source identity and access management (IAM) platform. Prior to version 1.8.0, the Config API returns results without scope verification. This gives it a large internal attack surface that exposes all sorts of information from the IDP, including clients, users, scripts, etc. This issue has been patched in version 1.8.0. A workaround for this vulnerability involves users forking and building the Config API themselves and applying the fix from commit 92eea4d to their deployment.
Meta Information
Published: 2025-07-01
Last Modified: 2025-07-03
Generated: 2026-05-07
AI Q&A: 2025-07-01
EPSS Evaluated: 2026-05-05
NVD
Affected Vendors & Products
Currently, no data is known.
CWE ID   Description
CWE-284  The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CWE-200  The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-269  The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-53003 is a vulnerability in the Janssen Project's Config API, which returned data without verifying the scope of the presented access token. A caller holding a token the API accepts, even one issued without the scope a given endpoint requires, could therefore read sensitive internal information from the Identity Provider (IDP) such as clients, users, and scripts. The root cause is that the Config API did not enforce scope-based access control on its endpoints, so data that should have been restricted to specifically scoped tokens was exposed. The issue was fixed in version 1.8.0 by adding scope validation to the access token checks. [1, 2, 4]
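To make the missing check concrete, the following is an added Python illustration, not Janssen code and not the content of commit 92eea4d, of a resource server authorizing requests to configuration routes. The pre-fix behaviour accepts any active token; the fixed behaviour additionally requires that the token carry a scope the route is mapped to, and fails closed for a missing scope claim or an unmapped route. The introspection results, route table and scope names are constructed for the example.

```python
"""Scope enforcement for a config-style REST API: the absent check beside
its corrected form. Added illustration; the data below is constructed."""

# Constructed RFC 7662-style introspection results, keyed by opaque token.
INTROSPECTION = {
    "tok-admin":   {"active": True,
                    "scope": "config/attributes.readonly config/attributes.write "
                             "config/clients.readonly"},
    "tok-limited": {"active": True, "scope": "config/attributes.readonly"},
    "tok-noscope": {"active": True},                   # valid token, no scope claim
    "tok-list":    {"active": True, "scope": ["config/clients.readonly"]},  # list form
    "tok-expired": {"active": False, "scope": "config/attributes.readonly"},
}

# Hypothetical (method, path) -> set of scopes, any one of which grants access.
REQUIRED_SCOPES = {
    ("GET",  "/api/v1/attributes"):     {"config/attributes.readonly",
                                         "config/attributes.write"},
    ("POST", "/api/v1/attributes"):     {"config/attributes.write"},
    ("GET",  "/api/v1/openid/clients"): {"config/clients.readonly"},
}


def introspect(token):
    """Stand-in for a call to the authorization server's introspection endpoint."""
    return INTROSPECTION.get(token, {"active": False})


def token_scopes(info):
    """Normalise the scope claim: absent -> empty set, string -> split on
    spaces, list -> set. Anything unrecognised yields no scopes."""
    raw = info.get("scope", "")
    if isinstance(raw, str):
        return set(raw.split())
    if isinstance(raw, (list, tuple)):
        return set(raw)
    return set()


def authorize_vulnerable(token, method, path):
    """Pre-fix behaviour described in the advisory: an active token is enough,
    the endpoint's required scope is never consulted. Returns an HTTP status."""
    info = introspect(token)
    return 401 if not info.get("active") else 200


def authorize_fixed(token, method, path):
    """Fixed behaviour: the token must be active AND hold at least one scope
    mapped to the route. Unknown routes and scope-less tokens are denied."""
    info = introspect(token)
    if not info.get("active"):
        return 401
    required = REQUIRED_SCOPES.get((method, path))
    if required is None:
        return 403                       # fail closed: no scope mapping, no access
    if token_scopes(info) & required:
        return 200
    return 403


if __name__ == "__main__":
    for tok in INTROSPECTION:
        for method, path in REQUIRED_SCOPES:
            print(f"{tok:12} {method:4} {path:24} "
                  f"before={authorize_vulnerable(tok, method, path)} "
                  f"after={authorize_fixed(tok, method, path)}")
```

The table printed by the main block shows the bug in one row: `tok-noscope` gets 200 on every route before the fix and 403 after it, while `tok-limited` keeps its read access to attributes and loses nothing it was entitled to.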


How can this vulnerability impact me?

This vulnerability can lead to unauthorized disclosure of sensitive information within the Janssen IAM system. Attackers or unauthorized users can access confidential data such as client details, user information, and scripts without proper authorization. Since the Config API is intended as an internal service, this flaw creates a large internal attack surface that could be exploited to gather information for further attacks or compromise the system's security. It undermines the access control mechanisms and can result in significant data exposure risks. [1, 2]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by calling a Janssen Config API endpoint (e.g., https://auth.host/jans-config-api/api/v1/attributes) with a valid access token that was deliberately issued without the scope that endpoint requires, for example a token obtained by a client granted only an unrelated scope. If the API returns the data anyway (HTTP 200 with a non-empty body), scope enforcement is missing and the system is vulnerable; a 401 or 403 indicates the scope check is in place. A practical way to run this test is curl or a similar HTTP client: curl -H "Authorization: Bearer <token-without-required-scope>" https://auth.host/jans-config-api/api/v1/attributes and inspect whether sensitive information comes back. Repeat the same request against the client, user and script endpoints, since the advisory describes the missing check as affecting the API broadly rather than a single route. [1, 4]
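The same check as a small Python probe, added here rather than taken from the page's sources or from Janssen. It assumes the Config API is mounted at /jans-config-api under the base URL (only /api/v1/attributes appears in the advisory; the other two paths are assumed for illustration) and that you supply a valid token issued without the scopes those routes require. The HTTP transport is injectable so the verdict logic can be exercised offline; run it only against systems you are authorised to test.

```python
"""Probe a Janssen Config API for missing scope enforcement.
Added example, not BaseFortify's or Janssen's code."""
import json
import sys
import urllib.error
import urllib.request

# Only /api/v1/attributes is named in the advisory; the other paths are assumed.
DEFAULT_PATHS = [
    "/api/v1/attributes",
    "/api/v1/openid/clients",
    "/api/v1/config/scripts",
]


def http_fetch(url, headers, timeout=10):
    """Real transport: returns (status, body_text); 4xx/5xx are returned, not raised."""
    req = urllib.request.Request(url, headers=headers, method="GET")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")


def classify(status, body):
    """What one response, to a token lacking the route's scope, says about
    enforcement: 'enforced', 'vulnerable' or 'inconclusive'."""
    if status in (401, 403):
        return "enforced"
    if status != 200:
        return "inconclusive"              # redirects, 5xx, etc. prove nothing
    try:
        data = json.loads(body)
    except ValueError:
        return "inconclusive"              # e.g. an HTML login page from a proxy
    # Non-empty JSON handed to an under-scoped token is exactly the reported bug.
    return "vulnerable" if data else "inconclusive"   # empty tenant is not proof


def probe(base_url, token, paths=DEFAULT_PATHS, fetch=http_fetch):
    """Return {path: verdict}. `token` must be valid but lack the scopes the
    probed routes require, otherwise a 200 is expected and proves nothing."""
    headers = {"Authorization": f"Bearer {token}", "Accept": "application/json"}
    base = base_url.rstrip("/") + "/jans-config-api"
    return {p: classify(*fetch(base + p, headers)) for p in paths}


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: probe.py https://auth.host <under-scoped-token>")
    for path, verdict in probe(sys.argv[1], sys.argv[2]).items():
        print(f"{verdict:12} {path}")
```

Any `vulnerable` verdict means data came back to a token that should have been refused; an `inconclusive` row (a redirect, a 5xx, an empty collection) needs manual follow-up rather than being read as safe.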


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include upgrading the Janssen Config API to version 1.8.0 or later, where the vulnerability is patched. If upgrading immediately is not possible, fork and build a patched Config API yourself, applying the fix from commit 92eea4d referenced in the advisory. In either case, confirm that the Config API is not reachable from the internet: it is intended as an internal service, and limiting it to trusted networks reduces the attack surface while the fix is rolled out. [2, 4]

