Freeebird Hotel API Cross-Domain Policy Vulnerability in SessionInterceptor
Vulnerability
A cross-domain policy vulnerability has been identified in the Freeebird Hotel management system API, affecting versions through 1.2. The issue arises in the SessionInterceptor.java file, where the server's CORS implementation blindly reflects the request's Origin header into the Access-Control-Allow-Origin response header without validating it against a whitelist of trusted origins. Because the reflected origin is accepted for authenticated (credentialed) requests, a page on an untrusted domain can make cross-origin requests with the victim's session and read the responses, potentially exfiltrating sensitive information. The vulnerability can be exploited remotely, but requires user interaction.
Impact
Exploitation of this vulnerability allows for a permissive cross-domain policy, enabling untrusted domains to make authenticated requests to the API and access sensitive user data.
Reproduction
The vulnerability can be reproduced by logging into the application and then sending a request to the vulnerable API endpoint with a malicious Origin header. This can be done using a curl command or by hosting a malicious webpage that performs the same action.
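The following is an added illustration written for this page; it is not the project's SessionInterceptor.java and assumes nothing about its internals. It contrasts the reflect-any-Origin pattern described in the Vulnerability section with an exact-match allowlist, and shows the response-header check a reviewer performs when verifying the behaviour described under Reproduction (an untrusted Origin must not come back in Access-Control-Allow-Origin). The origin values and the allowlist are constructed for the example.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

// Illustrative example only; not code from the Freeebird Hotel project.
public class CorsOriginCheck {

    // Hypothetical allowlist of origins the API is meant to trust.
    // Entries are full origins (scheme + host + optional port), compared exactly.
    static final Set<String> ALLOWED_ORIGINS = Set.of(
            "https://app.example.com",
            "https://admin.example.com");

    /** Vulnerable pattern: whatever Origin the client sends is echoed back,
     *  together with Allow-Credentials, so any site can make credentialed
     *  requests and read the responses. */
    static Map<String, String> vulnerableCorsHeaders(String origin) {
        Map<String, String> headers = new HashMap<>();
        if (origin != null) {
            headers.put("Access-Control-Allow-Origin", origin);
            headers.put("Access-Control-Allow-Credentials", "true");
        }
        return headers;
    }

    /** Hardened pattern: the Origin is echoed only if it is an exact member of
     *  the allowlist. Substring or prefix checks (startsWith, contains) are
     *  deliberately avoided because they are bypassable with look-alike hosts.
     *  "Vary: Origin" keeps shared caches from serving one origin's answer to
     *  another. */
    static Map<String, String> hardenedCorsHeaders(String origin) {
        Map<String, String> headers = new HashMap<>();
        if (origin != null && ALLOWED_ORIGINS.contains(origin)) {
            headers.put("Access-Control-Allow-Origin", origin);
            headers.put("Access-Control-Allow-Credentials", "true");
            headers.put("Vary", "Origin");
        }
        return headers;
    }

    /** The verification check: for a given Origin, does the response grant that
     *  origin credentialed access? Returns true when the header reflects it. */
    static boolean grantsCredentialedAccess(Map<String, String> headers, String origin) {
        return origin.equals(headers.get("Access-Control-Allow-Origin"))
                && "true".equals(headers.get("Access-Control-Allow-Credentials"));
    }

    public static void main(String[] args) {
        // Constructed sample origins: one trusted, one not on the allowlist.
        String trusted = "https://app.example.com";
        String untrusted = "https://untrusted.example";

        System.out.println("vulnerable, trusted origin granted:   "
                + grantsCredentialedAccess(vulnerableCorsHeaders(trusted), trusted));
        System.out.println("vulnerable, untrusted origin granted: "
                + grantsCredentialedAccess(vulnerableCorsHeaders(untrusted), untrusted));
        System.out.println("hardened, trusted origin granted:     "
                + grantsCredentialedAccess(hardenedCorsHeaders(trusted), trusted));
        System.out.println("hardened, untrusted origin granted:   "
                + grantsCredentialedAccess(hardenedCorsHeaders(untrusted), untrusted));
    }
}
```

The same check maps directly onto the curl-based reproduction the page describes: send the authenticated request with a test Origin value that is not one of the application's own origins and inspect the response headers. A patched build must either omit Access-Control-Allow-Origin or return something other than the supplied value; if the supplied value is echoed alongside Access-Control-Allow-Credentials: true, the reflection is still present.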