CVE-2023-29860
📋 TL;DR
This vulnerability in DTStack Taier 1.3.0 allows attackers to view sensitive information through insecure permissions in the /Taier/API/tenant/listTenant interface. Attackers can exploit the getCookie method to access data they shouldn't have permission to see. Organizations running Taier 1.3.0 are affected.
💻 Affected Systems
- DTStack Taier
📦 What is this software?
Taier by Dtstack
⚠️ Risk & Real-World Impact
Worst Case
Attackers could access sensitive tenant information, session data, or authentication tokens, potentially leading to full system compromise or data breach.
Likely Case
Unauthorized viewing of tenant configuration data, user information, or system metadata.
If Mitigated
Limited to information disclosure of non-critical system data if proper network segmentation and access controls are in place.
🎯 Exploit Status
Exploitation requires access to the vulnerable endpoint but appears straightforward based on the CWE-732 (Incorrect Permission Assignment) classification.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check GitHub issues for latest patched version
Vendor Advisory: https://github.com/DTStack/Taier/issues/1003
Restart Required: Yes
Instructions:
1. Check the GitHub issue for patch details.
2. Update to the latest version of Taier.
3. Restart the Taier service.
4. Verify the fix by testing the vulnerable endpoint.
🔧 Temporary Workarounds
Restrict API Access
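(linux) Implement network-level restrictions to limit access to the /Taier/API/tenant/listTenant endpoint
# Example firewall rule (adjust for your environment; replace [Taier-port] with the port Taier listens on)
# The string match only inspects unencrypted payloads, so it has no effect on HTTPS traffic reaching this host
iptables -A INPUT -p tcp --dport [Taier-port] -m string --string "/Taier/API/tenant/listTenant" --algo bm -j DROP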
Web Application Firewall Rule
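(all) Block requests to the vulnerable endpoint using WAF rules
# WAF rule to block the vulnerable endpoint
# REQUEST_FILENAME is the request path without the query string; an exact match on REQUEST_URI would miss requests that append one
SecRule REQUEST_FILENAME "@streq /Taier/API/tenant/listTenant" "id:1001,phase:1,deny"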
🧯 If You Can't Patch
- Implement strict network segmentation to isolate Taier instances from untrusted networks
- Deploy a web application firewall with rules specifically blocking the vulnerable endpoint
🔍 How to Verify
Check if Vulnerable:
Test whether unauthenticated or unauthorized users can access the /Taier/API/tenant/listTenant endpoint and retrieve sensitive data via the getCookie method
Check Version:
Check Taier version in application interface or configuration files
Verify Fix Applied:
After patching, verify that the /Taier/API/tenant/listTenant endpoint properly enforces authentication and authorization checks
📡 Detection & Monitoring
Log Indicators:
- Unauthorized access attempts to /Taier/API/tenant/listTenant
- Multiple failed authentication attempts followed by successful access to the vulnerable endpoint
Network Indicators:
- Unusual traffic patterns to the specific API endpoint
- Requests that reference the getCookie method sent to the tenant list endpoint
SIEM Query:
source="taier.logs" AND (uri="/Taier/API/tenant/listTenant" OR method="getCookie")
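The second log indicator above (failed authentication followed by successful access to the endpoint) can be checked offline against access logs. The following is an added example, not code from the Taier project or the vendor advisory; it assumes a reverse proxy in front of Taier writes Common Log Format, and the window, threshold, helper names and sample lines are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

ENDPOINT = "/Taier/API/tenant/listTenant"
WINDOW = timedelta(minutes=10)  # assumed correlation window
MIN_FAILURES = 3                # assumed threshold

# Assumption: a reverse proxy in front of Taier writes Common Log Format.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

def find_suspicious(lines):
    """Flag 2xx responses on ENDPOINT that follow at least MIN_FAILURES
    401/403 responses to the same client within WINDOW."""
    failures, alerts = {}, []  # failures: ip -> recent 401/403 times
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log line
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        ip, status = m["ip"], int(m["status"])
        path = m["target"].split("?", 1)[0]  # ignore any query string
        recent = [t for t in failures.get(ip, []) if ts - t <= WINDOW]
        if status in (401, 403):
            recent.append(ts)
        elif path == ENDPOINT and 200 <= status < 300 \
                and len(recent) >= MIN_FAILURES:
            alerts.append((ip, ts.isoformat(), len(recent)))
        failures[ip] = recent
    return alerts

def _line(ip, clock, target, status):
    """Build one constructed log line (sample data, not real traffic)."""
    return (f'{ip} - - [12/Mar/2024:{clock} +0000] '
            f'"POST {target} HTTP/1.1" {status} 0')

SAMPLE = [
    *[_line("203.0.113.5", f"09:00:0{i}", ENDPOINT, 401) for i in range(3)],
    _line("198.51.100.7", "10:00:01", ENDPOINT, 401),
    _line("198.51.100.7", "10:00:05", ENDPOINT, 401),
    _line("198.51.100.7", "10:00:09", ENDPOINT, 403),
    _line("198.51.100.7", "10:00:40", ENDPOINT + "?x=1", 200),  # alert
    _line("192.0.2.10", "10:01:00", ENDPOINT, 200),   # no prior failures
    _line("203.0.113.5", "10:02:00", ENDPOINT, 200),  # failures too old
]

if __name__ == "__main__":
    for alert in find_suspicious(SAMPLE):
        print(alert)
```

A successful response with no preceding failures is not flagged here, so this complements the broader SIEM query rather than replacing it.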