OliveTin OAuth2 Unauthenticated Denial-of-Service Vulnerability
Vulnerability
A denial-of-service vulnerability has been identified in OliveTin versions prior to 3000.10.3, in the OAuth2 login process. A remote, unauthenticated attacker can crash the service by sending concurrent requests to the OAuth2 login endpoint. The login handler records each new login state in a shared map without any synchronization; when two handlers write to that map at the same time, the Go runtime aborts the process with "fatal error: concurrent map writes", which, unlike an ordinary panic, cannot be caught by recover(). The issue is exploitable whenever OAuth2 login is enabled and the endpoint is reachable over the network; no credentials are required.
Impact
Exploitation crashes the OliveTin process, causing a loss of availability until it is restarted. Because the trigger is cheap and needs no credentials, an attacker can repeat it to keep the service down even where a supervisor restarts the process automatically.
Reproduction
To reproduce, start OliveTin with an OAuth2 provider configured, such as GitHub, and expose the service on a network port. Confirm that the service is running and that the OAuth2 login endpoint responds, then use a Python script to send a high volume of concurrent requests to that endpoint. The concurrent writes to the login-state map trigger the race, and the process terminates with a fatal Go runtime error that is written to stderr.
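The following Go program is an added illustration of the fault and of its fix; it is not OliveTin's own code. It stands up a minimal login handler whose state map is guarded by a sync.Mutex and then fires concurrent requests at it the way the reproduction above does. The handler shape, the state-store layout, the 32-byte random state, the ten-minute expiry and the provider URL are all assumptions. Deleting the mu.Lock/mu.Unlock pair in Issue turns it into the vulnerable pattern: run that variant under go run -race and the race detector reports the concurrent write; without -race a large enough burst can end in the same "fatal error: concurrent map writes" described above.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"sync"
	"sync/atomic"
	"time"
)

var errUnknownState = errors.New("oauth2: unknown, replayed or expired state")

// stateStore holds the OAuth2 "state" values issued by the login endpoint until the
// provider redirects back. Every map access takes mu; the same map written from
// concurrent handlers without it is what ends in "fatal error: concurrent map writes".
type stateStore struct {
	mu     sync.Mutex
	states map[string]time.Time // state value -> expiry (assumed layout)
	ttl    time.Duration
}

func newStateStore(ttl time.Duration) *stateStore {
	return &stateStore{states: make(map[string]time.Time), ttl: ttl}
}

// Issue records a fresh 32-byte random state with an expiry and returns it.
func (s *stateStore) Issue() (string, error) {
	buf := make([]byte, 32)
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	state := hex.EncodeToString(buf)
	s.mu.Lock()
	s.states[state] = time.Now().Add(s.ttl)
	s.mu.Unlock()
	return state, nil
}

// Consume accepts a state once and only before expiry; lookup and delete share one lock,
// so two callbacks racing on the same state cannot both succeed.
func (s *stateStore) Consume(state string) error {
	s.mu.Lock()
	defer s.mu.Unlock()
	exp, ok := s.states[state]
	if !ok {
		return errUnknownState
	}
	delete(s.states, state)
	if time.Now().After(exp) {
		return errUnknownState
	}
	return nil
}

// loginHandler stands in for the login endpoint: issue a state, redirect to the provider.
func loginHandler(s *stateStore, authURL string) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		state, err := s.Issue()
		if err != nil {
			http.Error(w, "cannot issue state", http.StatusInternalServerError)
			return
		}
		http.Redirect(w, r, authURL+"?"+url.Values{"state": {state}}.Encode(), http.StatusFound)
	}
}

// hammer fires n concurrent GETs at loginURL, as the reproduction script does, and
// returns how many came back with the expected 302.
func hammer(loginURL string, n int) int {
	client := &http.Client{CheckRedirect: func(*http.Request, []*http.Request) error {
		return http.ErrUseLastResponse // stop at the 302; the provider URL is a placeholder
	}}
	var wg sync.WaitGroup
	var redirected atomic.Int64
	for i := 0; i < n; i++ {
		wg.Add(1)
		go func() {
			defer wg.Done()
			resp, err := client.Get(loginURL)
			if err != nil {
				return
			}
			resp.Body.Close()
			if resp.StatusCode == http.StatusFound {
				redirected.Add(1)
			}
		}()
	}
	wg.Wait()
	return int(redirected.Load())
}

func main() {
	s := newStateStore(10 * time.Minute)
	srv := httptest.NewServer(loginHandler(s, "https://provider.example/authorize"))
	defer srv.Close()
	fmt.Println("redirects:", hammer(srv.URL, 100))
}
```

The hardened version passes under go test -race. The single-use check-and-delete under the same lock also closes a second window, two callbacks presenting the same state, and the expiry is what stops an unauthenticated endpoint from being used to grow the map without bound; a periodic sweep of expired entries that were never consumed is still needed and is left out here.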
Remediation
Upgrade to OliveTin version 3000.10.3 or later. Until the upgrade is applied, disabling OAuth2 login or restricting network access to the OliveTin listener removes the exploitable path, since the issue requires OAuth2 to be enabled and the login endpoint to be reachable.
