Getmaxun Maxun Authentication Bypass Vulnerability in Auth Endpoint
Vulnerability
An authentication bypass vulnerability has been identified in Getmaxun Maxun versions prior to 0.0.29. The issue resides in the authentication endpoint, specifically within the 'router.get' function of 'server/src/routes/auth.ts'. Any user with a valid token can access the information of other users, excluding passwords; the endpoint therefore improperly authorizes access to sensitive data such as email addresses and private API keys. The vulnerability can be exploited remotely, and a public exploit is available.
Impact
Exploitation of this vulnerability allows for unauthorized access to user information across the platform, including sensitive data such as API keys, effectively granting elevated privileges.
Reproduction
To reproduce this vulnerability, send a GET request to the '/auth/user/{id}' endpoint with a valid token in the cookie. The token should be a JSON Web Token (JWT) that is accepted by the application. The 'id' parameter can be replaced with the ID of any user, allowing the retrieval of their information.
Remediation
Users are advised to update to Getmaxun Maxun version 0.0.29 or later, where this vulnerability has been fixed.
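The missing check, shown as an added example that is not Maxun's code and not the fix shipped in 0.0.29: a handler that accepts any valid token beside one that also requires the requested id to match the token's subject and returns only allow-listed fields. The types, function names, field names and in-memory user list are assumptions made for illustration, and the claims are assumed to come from a JWT that has already been verified.

```typescript
// Added example. Every name below (Claims, UserRecord, USERS, the handlers,
// the field names) is hypothetical and not taken from Maxun's source.
interface Claims { id: number } // subject of a JWT that was already verified
interface UserRecord { id: number; email: string; password: string; api_key: string }
interface Result { status: number; body: Record<string, unknown> }

// Constructed sample rows standing in for the users table.
const USERS: UserRecord[] = [
  { id: 1, email: "alice@example.test", password: "<hash>", api_key: "key-alice" },
  { id: 2, email: "bob@example.test", password: "<hash>", api_key: "key-bob" },
];

// Strict id parse: rejects "", "1abc", "1e1", "-1" and leading zeros.
function parseId(raw: string): number | null {
  return /^[1-9][0-9]{0,9}$/.test(raw) ? Number(raw) : null;
}

// Behaviour the advisory describes: authentication only, no ownership check.
function getUserVulnerable(claims: Claims | null, rawId: string): Result {
  if (!claims) return { status: 401, body: { message: "Unauthorized" } };
  const user = USERS.find(u => u.id === Number(rawId));
  if (!user) return { status: 404, body: { message: "User not found" } };
  // Password is left out, but email and api_key go to whoever asked.
  return { status: 200, body: { id: user.id, email: user.email, api_key: user.api_key } };
}

// Hardened form: the caller may only read the record the token belongs to.
function getUserHardened(claims: Claims | null, rawId: string): Result {
  if (!claims) return { status: 401, body: { message: "Unauthorized" } };
  const id = parseId(rawId);
  if (id === null) return { status: 400, body: { message: "Invalid user id" } };
  // Authorize before the lookup so a 403 does not reveal which ids exist.
  if (id !== claims.id) return { status: 403, body: { message: "Forbidden" } };
  const user = USERS.find(u => u.id === id);
  if (!user) return { status: 404, body: { message: "User not found" } };
  // Allow-list the response fields instead of removing known secrets.
  return { status: 200, body: { id: user.id, email: user.email } };
}
```

Because the hardened handler builds its response from an allow-list, a secret column added to the user record later is not returned by default.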
