Cronmaster Authentication Bypass Vulnerability Allowing Unauthorized Access and Privileged Action Execution

Vulnerability

An authentication bypass vulnerability has been identified in Cronmaster versions prior to 2.2.0. The issue lies in the middleware's session validation process: the middleware does not securely handle exceptions raised during validation, so an unauthenticated request carrying an invalid session cookie that causes validation to fail can be mistakenly treated as authenticated. This flaw allows unauthorized access to protected pages and the execution of privileged Next.js Server Actions.
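The fail-open pattern described above, next to a fail-closed form, as an added illustration that is not Cronmaster's source code. The function names, the `session` cookie name, the session store and the sample requests are all assumptions constructed for this example.

```javascript
// Added illustration of the fail-open pattern; not Cronmaster's source code.
// All names (validateSession, the "session" cookie, SESSIONS) are hypothetical.
const SESSIONS = new Map([["s3ss10n-valid", { user: "admin" }]]); // constructed store

// Hypothetical validator: throws on a malformed value, returns null for unknown ids.
function validateSession(cookie) {
  if (!/^[a-z0-9-]+$/.test(cookie)) throw new Error("malformed session cookie");
  return SESSIONS.get(cookie) ?? null;
}

// Fail-open: the catch block swallows the validation error and control falls
// through to the "allow" path, so a request whose cookie makes validation
// throw is handled like an authenticated one.
function middlewareFailOpen(req) {
  const cookie = req.cookies.session;
  if (!cookie) return { action: "redirect", to: "/login" };
  try {
    if (!validateSession(cookie)) return { action: "redirect", to: "/login" };
  } catch (err) {
    // error ignored: nothing denies the request here
  }
  return { action: "next" };
}

// Fail-closed: "next" is reachable only with a positively validated session;
// an exception during validation is treated as "not authenticated".
function middlewareFailClosed(req) {
  const cookie = req.cookies.session;
  let session = null;
  try {
    session = cookie ? validateSession(cookie) : null;
  } catch (err) {
    session = null;
  }
  if (!session) return { action: "redirect", to: "/login" };
  return { action: "next", user: session.user };
}

// Constructed requests: no cookie, unknown id, malformed value, valid id.
const SAMPLES = [{}, { session: "unknown-id" }, { session: "%%%" }, { session: "s3ss10n-valid" }];
function probe(middleware) {
  return SAMPLES.map((cookies) => middleware({ cookies }).action);
}
console.log("fail-open  :", probe(middlewareFailOpen));
console.log("fail-closed:", probe(middlewareFailClosed));
```

The same four requests make a compact regression test for any session middleware: every request without a positively validated session should end in a deny or redirect, including the one that makes validation throw.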

Impact

Exploitation of this vulnerability allows unauthenticated attackers to access protected pages and execute privileged Next.js Server Actions, bypassing authentication requirements.

Remediation

Users can upgrade to Cronmaster version 2.2.0 to address this vulnerability.

Added: Apr 1, 2026, 6:49 PM
Updated: Apr 1, 2026, 6:49 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 6.2
remediation: 0.0
relevance: 5.1
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.