Karapace Authentication Bypass Vulnerability in OAuth 2.0 Bearer Token Authentication

Vulnerability

An authentication bypass vulnerability has been identified in Karapace versions 5.0.0 and 5.0.1, specifically when OAuth 2.0 Bearer Token authentication is enabled. The vulnerability arises because requests lacking an Authorization header bypass the token validation process, allowing unauthenticated users to access and modify Schema Registry endpoints that should be secured. This flaw undermines the effectiveness of the OAuth authentication mechanism.

Impact

Exploitation of this vulnerability allows unauthenticated users to read and write to protected Schema Registry endpoints, bypassing OAuth authentication requirements.

Reproduction

To reproduce this vulnerability, send a request to a Karapace server with OAuth 2.0 Bearer Token authentication enabled, but without an Authorization header. The server will process the request without validating a token, allowing access to Schema Registry endpoints that should be restricted.

Remediation

Users are advised to upgrade to Karapace version 5.0.2, which addresses this vulnerability by enforcing token validation for requests when OAuth Bearer authentication is enabled.
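To make the fail-open pattern described in the Vulnerability and Remediation sections concrete, here is an added illustration (not Karapace's own code): a bearer-token gate that only validates when an Authorization header is present, beside a corrected gate that rejects any request without a valid token. The token store and header dictionary are constructed stand-ins.

```python
# Added example, not Karapace's code: a fail-open bearer-token gate and its
# fail-closed counterpart. VALID_TOKENS stands in for real token validation.
from dataclasses import dataclass

VALID_TOKENS = {"tok-alice"}  # constructed; a real service would verify/introspect


def token_is_valid(token: str) -> bool:
    return token in VALID_TOKENS


@dataclass
class Decision:
    allowed: bool
    reason: str


def vulnerable_gate(headers: dict, oauth_enabled: bool = True) -> Decision:
    """Fails open: a request with no Authorization header skips validation."""
    if not oauth_enabled:
        return Decision(True, "auth disabled")
    auth = headers.get("Authorization")
    if auth is not None:  # validation only happens when a header is present
        scheme, _, token = auth.partition(" ")
        if scheme.lower() != "bearer" or not token_is_valid(token.strip()):
            return Decision(False, "invalid token")
    return Decision(True, "ok")  # reached with no header at all


def hardened_gate(headers: dict, oauth_enabled: bool = True) -> Decision:
    """Fails closed: every request must carry a well-formed, valid bearer token."""
    if not oauth_enabled:
        return Decision(True, "auth disabled")
    auth = headers.get("Authorization")
    if auth is None:
        return Decision(False, "missing Authorization header")
    scheme, _, token = auth.partition(" ")
    if scheme.lower() != "bearer" or not token.strip():
        return Decision(False, "malformed Authorization header")
    if not token_is_valid(token.strip()):
        return Decision(False, "invalid token")
    return Decision(True, "ok")


if __name__ == "__main__":
    samples = ({}, {"Authorization": "Bearer tok-alice"}, {"Authorization": "Bearer bogus"})
    for name, gate in (("vulnerable", vulnerable_gate), ("hardened", hardened_gate)):
        for h in samples:
            d = gate(h)
            print(f"{name:10} {str(h):38} allowed={d.allowed} ({d.reason})")
```

The first sample (no header) is the case the advisory describes: the vulnerable gate allows it, the hardened gate denies it with an explicit reason that can be logged and alerted on.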

Added: Oct 3, 2025, 10:21 PM
Updated: Oct 3, 2025, 10:21 PM

Vulnerability Rating

Custom Algorithm

Metric          Score
spread          0.0
impact          5.0
exploitability  8.4
remediation     7.7
relevance       0.6
threat          4.8
urgency         2.9
incentive       5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.