Skip to content

Authentication bypass in SilverStripe GraphQL

Moderate severity GitHub Reviewed Published Jun 10, 2021 to the GitHub Advisory Database • Updated Feb 7, 2024

Package

composer silverstripe/graphql (Composer)

Affected versions

>= 3.0.0, < 3.5.0
>= 4.0.0-alpha1, < 4.0.0-alpha2

Patched versions

3.5.0
4.0.0-alpha2

Description

The GraphQL module accepts basic-auth as an authentication method by default. This can be used to bypass MFA authentication if the silverstripe/mfa module is installed, which is now a commonly installed module. A users password is still required though.

Basic-auth has been removed as a default authentication method. If desired, it can be re-enabled by adding it to the authenticators key of a schema, or on SilverStripe\Graphql\Auth\Handler

References

Published by the National Vulnerability Database Jun 8, 2021
Reviewed Jun 10, 2021
Published to the GitHub Advisory Database Jun 10, 2021
Last updated Feb 7, 2024

Severity

Moderate
6.5
/ 10

CVSS base metrics

Attack vector
Network
Attack complexity
Low
Privileges required
Low
User interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Weaknesses

CVE ID

CVE-2020-26136

GHSA ID

GHSA-mg2g-8pwj-r2j2

Source code

No known source code

Credits

Checking history
See something to contribute? Suggest improvements for this vulnerability.