Dromara Northstar Path Handler Authorization Bypass Vulnerability

A critical authentication bypass vulnerability has been identified in Dromara Northstar versions through 7.3.5. The issue resides in the AuthorizationInterceptor class, specifically within the preHandle method. This vulnerability allows unauthorized access to the '/northstar/*' API endpoints by manipulating the request URI to bypass access controls. The flaw can be exploited remotely, leading to unauthorized access and potential information leakage, such as log data, from the application.

Impact

Exploitation of this vulnerability allows for unauthorized access to protected API endpoints, bypassing authentication requirements. This could lead to unauthorized actions being performed on behalf of the user or access to sensitive information exposed by the API, such as application logs.

Reproduction

To reproduce this vulnerability, send a GET request to the '/northstar/log' endpoint using URL encoding to bypass the authorization interceptor. The request must include a valid session cookie to simulate an authenticated user. The response will contain log data, demonstrating successful exploitation of the vulnerability.

Remediation

Users are advised to upgrade to Dromara Northstar version 7.3.6, which addresses this vulnerability by correcting the authorization path handling. The updated version is available for download on the project's Gitee release page.