CVE-2024-22206 - Vulnerability Details - OpenCVE

Clerk helps developers build user management. Unauthorized access or privilege escalation due to a logic flaw in auth() in the App Router or getAuth() in the Pages Router. This vulnerability was patched in version 4.29.3.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00264.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Clerk	Javascript

Configuration 1 [-]

cpe:2.3:a:clerk:javascript:*:*:*:*:*:node.js:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2024-0398	Clerk helps developers build user management. Unauthorized access or privilege escalation due to a logic flaw in auth() in the App Router or getAuth() in the Pages Router. This vulnerability was patched in version 4.29.3.
Github GHSA	GHSA-q6w5-jg5q-47vg	@clerk/nextjs auth() and getAuth() methods vulnerable to insecure direct object reference (IDOR)

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://clerk.com/changelog/2024-01-12
https://github.com/clerk/javascript/releases/tag/%40clerk%2Fnextjs%404.29.3
https://github.com/clerk/javascript/security/advisories/GHSA-q6w5-jg5q-47vg

History

Thu, 14 Nov 2024 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-01-12T20:07:40.402Z

Updated: 2024-11-14T15:42:39.402Z

Reserved: 2024-01-08T04:59:27.373Z

Link: CVE-2024-22206

Vulnrichment

Updated: 2024-08-01T22:35:34.930Z

NVD

Status : Modified

Published: 2024-01-12T20:15:47.420

Modified: 2024-11-21T08:55:47.860

Link: CVE-2024-22206

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-22206", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-01-08T04:59:27.373Z", "datePublished": "2024-01-12T20:07:40.402Z", "dateUpdated": "2024-11-14T15:42:39.402Z"}, "containers": {"cna": {"title": "@clerk/nextjs auth() and getAuth() methods vulnerable to insecure direct object reference (IDOR)", "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "lang": "en", "description": "CWE-284: Improper Access Control", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-287", "lang": "en", "description": "CWE-287: Improper Authentication", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-639", "lang": "en", "description": "CWE-639: Authorization Bypass Through User-Controlled Key", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/clerk/javascript/security/advisories/GHSA-q6w5-jg5q-47vg", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/clerk/javascript/security/advisories/GHSA-q6w5-jg5q-47vg"}, {"name": "https://clerk.com/changelog/2024-01-12", "tags": ["x_refsource_MISC"], "url": "https://clerk.com/changelog/2024-01-12"}, {"name": "https://github.com/clerk/javascript/releases/tag/%40clerk%2Fnextjs%404.29.3", "tags": ["x_refsource_MISC"], "url": "https://github.com/clerk/javascript/releases/tag/%40clerk%2Fnextjs%404.29.3"}], "affected": [{"vendor": "clerk", "product": "javascript", "versions": [{"version": ">= 4.7.0, < 4.29.3", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-01-12T20:07:40.402Z"}, "descriptions": [{"lang": "en", "value": "Clerk helps developers build user management. Unauthorized access or privilege escalation due to a logic flaw in auth() in the App Router or getAuth() in the Pages Router. This vulnerability was patched in version 4.29.3.\n"}], "source": {"advisory": "GHSA-q6w5-jg5q-47vg", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:35:34.930Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/clerk/javascript/security/advisories/GHSA-q6w5-jg5q-47vg", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/clerk/javascript/security/advisories/GHSA-q6w5-jg5q-47vg"}, {"name": "https://clerk.com/changelog/2024-01-12", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://clerk.com/changelog/2024-01-12"}, {"name": "https://github.com/clerk/javascript/releases/tag/%40clerk%2Fnextjs%404.29.3", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/clerk/javascript/releases/tag/%40clerk%2Fnextjs%404.29.3"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-14T15:42:26.578504Z", "id": "CVE-2024-22206", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-14T15:42:39.402Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/clerk/javascript/security/advisories/GHSA-q6w5-jg5q-47vg", "name": "https://github.com/clerk/javascript/security/advisories/GHSA-q6w5-jg5q-47vg", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://clerk.com/changelog/2024-01-12", "name": "https://clerk.com/changelog/2024-01-12", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/clerk/javascript/releases/tag/%40clerk%2Fnextjs%404.29.3", "name": "https://github.com/clerk/javascript/releases/tag/%40clerk%2Fnextjs%404.29.3", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:35:34.930Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-22206", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-11-14T15:42:26.578504Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-14T15:42:36.161Z"}}], "cna": {"title": "@clerk/nextjs auth() and getAuth() methods vulnerable to insecure direct object reference (IDOR)", "source": {"advisory": "GHSA-q6w5-jg5q-47vg", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "clerk", "product": "javascript", "versions": [{"status": "affected", "version": ">= 4.7.0, < 4.29.3"}]}], "references": [{"url": "https://github.com/clerk/javascript/security/advisories/GHSA-q6w5-jg5q-47vg", "name": "https://github.com/clerk/javascript/security/advisories/GHSA-q6w5-jg5q-47vg", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://clerk.com/changelog/2024-01-12", "name": "https://clerk.com/changelog/2024-01-12", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/clerk/javascript/releases/tag/%40clerk%2Fnextjs%404.29.3", "name": "https://github.com/clerk/javascript/releases/tag/%40clerk%2Fnextjs%404.29.3", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Clerk helps developers build user management. Unauthorized access or privilege escalation due to a logic flaw in auth() in the App Router or getAuth() in the Pages Router. This vulnerability was patched in version 4.29.3.\n"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284: Improper Access Control"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-287", "description": "CWE-287: Improper Authentication"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-639", "description": "CWE-639: Authorization Bypass Through User-Controlled Key"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-01-12T20:07:40.402Z"}}}, "cveMetadata": {"cveId": "CVE-2024-22206", "state": "PUBLISHED", "dateUpdated": "2024-11-14T15:42:39.402Z", "dateReserved": "2024-01-08T04:59:27.373Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-01-12T20:07:40.402Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:clerk:javascript:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "750A6387-63D6-4EB8-825D-D77873BC36CC", "versionEndExcluding": "4.29.3", "versionStartIncluding": "4.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Clerk helps developers build user management. Unauthorized access or privilege escalation due to a logic flaw in auth() in the App Router or getAuth() in the Pages Router. This vulnerability was patched in version 4.29.3.\n"}, {"lang": "es", "value": "Clerk ayuda a los desarrolladores a crear gesti\u00f3n de usuarios. Acceso no autorizado o escalada de privilegios debido a un fallo l\u00f3gico en auth() en App Router o getAuth() en Pages Router. Esta vulnerabilidad fue parcheada en la versi\u00f3n 4.29.3."}], "id": "CVE-2024-22206", "lastModified": "2024-11-21T08:55:47.860", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 6.0, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-01-12T20:15:47.420", "references": [{"source": "security-advisories@github.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://clerk.com/changelog/2024-01-12"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Release Notes"], "url": "https://github.com/clerk/javascript/releases/tag/%40clerk%2Fnextjs%404.29.3"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/clerk/javascript/security/advisories/GHSA-q6w5-jg5q-47vg"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://clerk.com/changelog/2024-01-12"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Release Notes"], "url": "https://github.com/clerk/javascript/releases/tag/%40clerk%2Fnextjs%404.29.3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/clerk/javascript/security/advisories/GHSA-q6w5-jg5q-47vg"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}, {"lang": "en", "value": "CWE-287"}, {"lang": "en", "value": "CWE-639"}], "source": "security-advisories@github.com", "type": "Secondary"}]}