CVE-2024-29901 - Vulnerability Details - OpenCVE

The AuthKit library for Next.js provides helpers for authentication and session management using WorkOS & AuthKit with Next.js.
A user can reuse an expired session by controlling the `x-workos-session` header. The vulnerability is patched in v0.4.2.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00351.

Key SSVC decision points have not yet been added.

Vendors	Products
Workos	Authkit

Configuration 1 [-]

cpe:2.3:a:workos:authkit:*:*:*:*:*:node.js:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2024-0799	The AuthKit library for Next.js provides helpers for authentication and session management using WorkOS & AuthKit with Next.js. A user can reuse an expired session by controlling the `x-workos-session` header. The vulnerability is patched in v0.4.2.
Github GHSA	GHSA-35w3-6qhc-474v	@workos-inc/authkit-nextjs session replay vulnerability

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://github.com/workos/authkit-nextjs/commit/6c3f4f3179d66cbb15de3962792083ff3b244a01
https://github.com/workos/authkit-nextjs/releases/tag/v0.4.2
https://github.com/workos/authkit-nextjs/security/advisories/GHSA-35w3-6qhc-474v

History

Wed, 07 May 2025 17:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Workos Workos authkit
CPEs		cpe:2.3:a:workos:authkit::::::node.js::*
Vendors & Products		Workos Workos authkit

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-03-29T15:23:02.184Z

Updated: 2024-08-02T01:17:58.024Z

Reserved: 2024-03-21T15:12:09.000Z

Link: CVE-2024-29901

Vulnrichment

Updated: 2024-08-02T01:17:58.024Z

NVD

Status : Analyzed

Published: 2024-03-29T16:15:08.337

Modified: 2025-05-07T17:05:40.670

Link: CVE-2024-29901

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-29901", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-03-21T15:12:09.000Z", "datePublished": "2024-03-29T15:23:02.184Z", "dateUpdated": "2024-08-02T01:17:58.024Z"}, "containers": {"cna": {"title": "@workos-inc/authkit-nextjs session replay vulnerability", "problemTypes": [{"descriptions": [{"cweId": "CWE-294", "lang": "en", "description": "CWE-294: Authentication Bypass by Capture-replay", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/workos/authkit-nextjs/security/advisories/GHSA-35w3-6qhc-474v", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/workos/authkit-nextjs/security/advisories/GHSA-35w3-6qhc-474v"}, {"name": "https://github.com/workos/authkit-nextjs/commit/6c3f4f3179d66cbb15de3962792083ff3b244a01", "tags": ["x_refsource_MISC"], "url": "https://github.com/workos/authkit-nextjs/commit/6c3f4f3179d66cbb15de3962792083ff3b244a01"}, {"name": "https://github.com/workos/authkit-nextjs/releases/tag/v0.4.2", "tags": ["x_refsource_MISC"], "url": "https://github.com/workos/authkit-nextjs/releases/tag/v0.4.2"}], "affected": [{"vendor": "workos", "product": "authkit-nextjs", "versions": [{"version": "< 0.4.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-03-29T15:23:02.184Z"}, "descriptions": [{"lang": "en", "value": "The AuthKit library for Next.js provides helpers for authentication and session management using WorkOS & AuthKit with Next.js.\nA user can reuse an expired session by controlling the `x-workos-session` header. The vulnerability is patched in v0.4.2."}], "source": {"advisory": "GHSA-35w3-6qhc-474v", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-08T18:05:37.365811Z", "id": "CVE-2024-29901", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-08T20:06:40.754Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:17:58.024Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/workos/authkit-nextjs/security/advisories/GHSA-35w3-6qhc-474v", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/workos/authkit-nextjs/security/advisories/GHSA-35w3-6qhc-474v"}, {"name": "https://github.com/workos/authkit-nextjs/commit/6c3f4f3179d66cbb15de3962792083ff3b244a01", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/workos/authkit-nextjs/commit/6c3f4f3179d66cbb15de3962792083ff3b244a01"}, {"name": "https://github.com/workos/authkit-nextjs/releases/tag/v0.4.2", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/workos/authkit-nextjs/releases/tag/v0.4.2"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/workos/authkit-nextjs/security/advisories/GHSA-35w3-6qhc-474v", "name": "https://github.com/workos/authkit-nextjs/security/advisories/GHSA-35w3-6qhc-474v", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/workos/authkit-nextjs/commit/6c3f4f3179d66cbb15de3962792083ff3b244a01", "name": "https://github.com/workos/authkit-nextjs/commit/6c3f4f3179d66cbb15de3962792083ff3b244a01", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/workos/authkit-nextjs/releases/tag/v0.4.2", "name": "https://github.com/workos/authkit-nextjs/releases/tag/v0.4.2", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:17:58.024Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-29901", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-08T18:05:37.365811Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-08T20:06:37.825Z"}}], "cna": {"title": "@workos-inc/authkit-nextjs session replay vulnerability", "source": {"advisory": "GHSA-35w3-6qhc-474v", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "workos", "product": "authkit-nextjs", "versions": [{"status": "affected", "version": "< 0.4.2"}]}], "references": [{"url": "https://github.com/workos/authkit-nextjs/security/advisories/GHSA-35w3-6qhc-474v", "name": "https://github.com/workos/authkit-nextjs/security/advisories/GHSA-35w3-6qhc-474v", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/workos/authkit-nextjs/commit/6c3f4f3179d66cbb15de3962792083ff3b244a01", "name": "https://github.com/workos/authkit-nextjs/commit/6c3f4f3179d66cbb15de3962792083ff3b244a01", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/workos/authkit-nextjs/releases/tag/v0.4.2", "name": "https://github.com/workos/authkit-nextjs/releases/tag/v0.4.2", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "The AuthKit library for Next.js provides helpers for authentication and session management using WorkOS & AuthKit with Next.js.\nA user can reuse an expired session by controlling the `x-workos-session` header. The vulnerability is patched in v0.4.2."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-294", "description": "CWE-294: Authentication Bypass by Capture-replay"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-03-29T15:23:02.184Z"}}}, "cveMetadata": {"cveId": "CVE-2024-29901", "state": "PUBLISHED", "dateUpdated": "2024-08-02T01:17:58.024Z", "dateReserved": "2024-03-21T15:12:09.000Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-03-29T15:23:02.184Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:workos:authkit:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "836E3139-113E-4429-A9D2-9A0F9BF9CA76", "versionEndExcluding": "0.4.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The AuthKit library for Next.js provides helpers for authentication and session management using WorkOS & AuthKit with Next.js.\nA user can reuse an expired session by controlling the `x-workos-session` header. The vulnerability is patched in v0.4.2."}, {"lang": "es", "value": "La librer\u00eda AuthKit para Next.js proporciona ayudas para la autenticaci\u00f3n y la gesti\u00f3n de sesiones utilizando WorkOS y AuthKit con Next.js. Un usuario puede reutilizar una sesi\u00f3n caducada controlando el encabezado `x-workos-session`. La vulnerabilidad est\u00e1 parcheada en v0.4.2."}], "id": "CVE-2024-29901", "lastModified": "2025-05-07T17:05:40.670", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 2.5, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-03-29T16:15:08.337", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/workos/authkit-nextjs/commit/6c3f4f3179d66cbb15de3962792083ff3b244a01"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/workos/authkit-nextjs/releases/tag/v0.4.2"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/workos/authkit-nextjs/security/advisories/GHSA-35w3-6qhc-474v"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/workos/authkit-nextjs/commit/6c3f4f3179d66cbb15de3962792083ff3b244a01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://github.com/workos/authkit-nextjs/releases/tag/v0.4.2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://github.com/workos/authkit-nextjs/security/advisories/GHSA-35w3-6qhc-474v"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-294"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-294"}], "source": "nvd@nist.gov", "type": "Primary"}]}