Gainsight Assist Information Disclosure Vulnerability
Vulnerability
A vulnerability has been identified in the Gainsight Assist plugin that exposes the authenticating user's email address, base64-encoded, in the state parameter of the OAuth callback URL after authentication attempts via Salesforce and Okta. Base64 is an encoding, not encryption: anyone who can see the URL, for example in server logs, proxies, or browser history, can decode the address in a single step.
Impact
Anyone who can read the callback URL obtains the user's email address without authorization. Addresses recovered this way can be harvested in bulk and potentially misused.
Reproduction
Start an OAuth login to Gainsight Assist using Salesforce or Okta. When the authentication fails, the callback URL contains a state parameter whose value is the user's email address in base64. Anyone who can view that URL, for example in browser history or server logs, can decode it.
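The following Python is an added example, not code from the original advisory or from Gainsight. The callback URL, host and email address in it are constructed for illustration. The first part shows how trivially the state value described above is recovered from a logged URL (handling both standard and URL-safe base64 and missing padding). The second part shows the general hardening pattern for OAuth state, an opaque random token mapped to the login context server-side; this is the usual fix for this class of leak and is not a description of Gainsight's actual patch.

```python
import base64
import re
import secrets
from typing import Optional
from urllib.parse import urlparse, parse_qs

# Constructed sample callback of the shape the advisory describes.
# "YWxpY2VAZXhhbXBsZS5jb20=" is base64 of "alice@example.com".
SAMPLE_CALLBACK = (
    "https://assist.example.invalid/oauth/callback"
    "?error=access_denied&state=YWxpY2VAZXhhbXBsZS5jb20="
)

EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def decode_state(state: str) -> Optional[str]:
    """Decode a base64 state value as UTF-8 text, or return None.

    Tries standard base64 first, then the URL-safe alphabet, and repairs
    missing '=' padding, since logs and proxies often strip or mangle it.
    """
    # parse_qs turns '+' into a space; undo that before decoding.
    cleaned = state.replace(" ", "+")
    padded = cleaned + "=" * (-len(cleaned) % 4)
    for altchars in (None, b"-_"):
        try:
            raw = base64.b64decode(padded, altchars=altchars, validate=True)
            return raw.decode("utf-8")
        except ValueError:  # binascii.Error and UnicodeDecodeError both derive from it
            continue
    return None


def email_from_callback(url: str) -> Optional[str]:
    """Return the email address leaked in ?state=..., or None if there is none."""
    state = parse_qs(urlparse(url).query).get("state", [None])[0]
    if not state:
        return None
    decoded = decode_state(state)
    if decoded and EMAIL_RE.match(decoded):
        return decoded
    return None


class OpaqueStateStore:
    """Hypothetical hardened pattern (not Gainsight's patch): the state value
    carries no user data, only a random token that the server maps back to
    the pending login. Logging the callback URL then reveals nothing."""

    def __init__(self) -> None:
        self._pending: dict[str, str] = {}

    def issue(self, email: str) -> str:
        token = secrets.token_urlsafe(32)  # 256 bits of CSPRNG, no user data
        self._pending[token] = email
        return token

    def redeem(self, token: str) -> Optional[str]:
        # One-time use: a replayed token from a logged URL is rejected.
        return self._pending.pop(token, None)


def demo() -> dict:
    """Run both halves and return the observations (used by the checks below)."""
    leaked = email_from_callback(SAMPLE_CALLBACK)

    store = OpaqueStateStore()
    token = store.issue("alice@example.com")
    hardened_url = f"https://assist.example.invalid/oauth/callback?error=access_denied&state={token}"
    return {
        "leaked": leaked,
        "hardened_leaks": email_from_callback(hardened_url),
        "first_redeem": store.redeem(token),
        "second_redeem": store.redeem(token),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

Run against the constructed URL, `email_from_callback` yields the address with no key or secret involved, which is the whole point of the advisory; against the opaque-token URL it yields nothing, and the token is consumed on first use so a URL copied from a log cannot be replayed.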
Remediation
Gainsight has released patched versions of the Chrome and Outlook plugins that address this information disclosure. Users should update to the latest version of the Gainsight Assist plugin.
