VYPR
Unrated severityNVD Advisory· Published Apr 8, 2024· Updated Aug 2, 2024

Saleor CSRF bypass in refreshToken mutation

CVE-2024-31205

Description

Saleor is an e-commerce platform. Starting in version 3.10.0 and prior to versions 3.14.64, 3.15.39, 3.16.39, 3.17.35, 3.18.31, and 3.19.19, an attacker may bypass cross-set request forgery (CSRF) validation when calling refresh token mutation with empty string. When a user provides an empty string in refreshToken mutation, while the token persists in JWT_REFRESH_TOKEN_COOKIE_NAME cookie, application omits validation against CSRF token and returns valid access token. Versions 3.14.64, 3.15.39, 3.16.39, 3.17.35, 3.18.31, and 3.19.19 contain a patch for the issue. As a workaround, one may replace saleor.graphql.account.mutations.authentication.refresh_token.py.get_refresh_token. This will fix the issue, but be aware, that it returns JWT_MISSING_TOKEN instead of JWT_INVALID_TOKEN.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Saleor/Saleorllm-fuzzy2 versions
    <3.14.64, <3.15.39, <3.16.39, <3.17.35, <3.18.31, <3.19.19+ 1 more
    • (no CPE)range: <3.14.64, <3.15.39, <3.16.39, <3.17.35, <3.18.31, <3.19.19
    • (no CPE)range: >= 3.10.0, < 3.14.64

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.