Simstudioai Sim Authentication Bypass Vulnerability in CRON Secret Handler
Vulnerability
An authentication bypass vulnerability has been identified in Simstudioai Sim versions through 0.5.27. The issue arises in the CRON Secret Handler component, specifically within the internal authorization logic of the file 'apps/sim/lib/auth/internal.ts'. The vulnerability allows improper authentication by manipulating the 'INTERNAL_API_SECRET' argument. This flaw can be exploited remotely, with a public exploit available.
Impact
Exploiting this vulnerability allows attackers to bypass authentication and access internal API routes, particularly CRON endpoints. This could lead to unauthorized execution of scheduled tasks, manipulation of workflow logs, and interference with webhook subscriptions, depending on the specific API accessed.
Reproduction
The vulnerability can be reproduced by deploying the application using the default Docker deployment commands. After the application is running, the 'INTERNAL_API_SECRET' environment variable will be undefined, allowing authentication to be bypassed by sending a request with the 'Authorization' header set to 'Bearer undefined'.
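The failure mode described above, shown as an added illustration that is not the project's own code: a hypothetical check that builds the expected header by interpolating a possibly unset INTERNAL_API_SECRET, beside a fail-closed version (the function names and the 32-character minimum are assumptions).

```typescript
// Hypothetical bearer-secret check of the shape the advisory describes
// (illustration added here, not code from the Sim project).

// Weak pattern: the expected header is built from an environment variable
// that may be unset. In a template string `${undefined}` becomes the literal
// text "undefined", so an unconfigured deployment accepts "Bearer undefined".
function weakInternalAuth(authHeader: string | undefined, secret: string | undefined): boolean {
  return authHeader === `Bearer ${secret}`;
}

// Constant-time string comparison so the check does not leak how many
// leading characters matched (crypto.timingSafeEqual is the production choice).
function constantTimeEqual(a: string, b: string): boolean {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) {
    diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  }
  return diff === 0;
}

// Hardened version: fail closed when the secret is missing or short, require
// the exact "Bearer " scheme prefix, and never interpolate the secret.
function hardenedInternalAuth(authHeader: string | undefined, secret: string | undefined): boolean {
  const MIN_SECRET_LENGTH = 32; // assumed policy value
  if (typeof secret !== "string" || secret.length < MIN_SECRET_LENGTH) return false;
  if (typeof authHeader !== "string" || !authHeader.startsWith("Bearer ")) return false;
  return constantTimeEqual(authHeader.slice("Bearer ".length), secret);
}

// Startup guard: refuse to boot with the secret unset rather than silently
// running with an undefined value that later stringifies to "undefined".
function requireInternalSecret(env: Record<string, string | undefined>): string {
  const secret = env["INTERNAL_API_SECRET"];
  if (typeof secret !== "string" || secret.length < 32) {
    throw new Error("INTERNAL_API_SECRET must be set to a string of at least 32 characters");
  }
  return secret;
}
```

Running requireInternalSecret(process.env) at startup turns the default-Docker misconfiguration into an immediate boot failure instead of an open internal API.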
Remediation
Users are advised to update to version 0.5.28 or later, where this vulnerability has been fixed.
