CVE-2023-45128

10.0 CRITICAL

📋 TL;DR

This CVE describes a critical CSRF vulnerability in the Fiber web framework for Go that lets attackers forge requests on behalf of users. Attackers can inject arbitrary values without authentication, or cause malicious actions to be performed as authenticated users, compromising application security. Every application built on a vulnerable Fiber version is affected.

💻 Affected Systems

Products:
  • Fiber web framework
Versions: All versions before 2.50.0
Operating Systems: All platforms running Go applications using Fiber
Default Config Vulnerable: ⚠️ Yes
Notes: All Fiber applications using default or custom configurations without proper CSRF protection are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete application compromise including data theft, account takeover, administrative actions performed by attackers, and potential lateral movement within the system.

🟠 Likely Case

Unauthorized actions performed on behalf of authenticated users, data manipulation, and potential account compromise.

🟢 If Mitigated

Limited impact with proper CSRF protections, though other vulnerabilities might still be exploitable through different vectors.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

CSRF attacks typically require minimal technical skill and can be performed with basic web knowledge.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.50.0

Vendor Advisory: https://github.com/gofiber/fiber/security/advisories/GHSA-94w9-97p3-p368

Restart Required: Yes

Instructions:

1. Update go.mod to require github.com/gofiber/fiber/v2 v2.50.0 or higher
2. Run 'go mod tidy' to update dependencies
3. Rebuild and redeploy your application
4. Restart all services using the Fiber framework

🧯 If You Can't Patch

  • Add CSRF protection middleware of your own that validates an anti-CSRF token on every state-changing request
  • Set session cookies with SameSite=Lax or SameSite=Strict together with the HttpOnly and Secure flags

🔍 How to Verify

Check if Vulnerable:

Check go.mod or go.sum for the Fiber version. If it is below 2.50.0, the application is vulnerable.

Check Version:

grep 'github.com/gofiber/fiber' go.mod

Verify Fix Applied:

Verify that go.mod requires github.com/gofiber/fiber/v2 v2.50.0 or higher and that the application builds successfully with this version.
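As an added check for this verification step (example code, not tooling from the advisory or the Fiber project), the Go program below parses go.mod text, finds the Fiber require line in either the single-line or the require-block form, and compares the pinned version numerically against 2.50.0, which a plain grep does not do. The sample go.mod contents used in it are constructed.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// First fixed release named in the advisory.
const fixedVersion = "v2.50.0"

// parseSemver turns "v2.49.2" into its three numbers; a -pre or +build suffix is dropped.
func parseSemver(v string) (maj, mnr, pat int, err error) {
	v = strings.TrimPrefix(v, "v")
	if i := strings.IndexAny(v, "-+"); i >= 0 {
		v = v[:i]
	}
	if _, err = fmt.Sscanf(v, "%d.%d.%d", &maj, &mnr, &pat); err != nil {
		err = fmt.Errorf("malformed version %q: %w", v, err)
	}
	return
}

// FiberVersion scans go.mod text for the Fiber require line (single-line or inside a require
// block, trailing "// indirect" tolerated). Both the v1 and v2 module paths are matched.
func FiberVersion(gomod string) (string, error) {
	sc := bufio.NewScanner(strings.NewReader(gomod))
	for sc.Scan() {
		f := strings.Fields(strings.TrimPrefix(strings.TrimSpace(sc.Text()), "require "))
		if len(f) >= 2 && (f[0] == "github.com/gofiber/fiber" || f[0] == "github.com/gofiber/fiber/v2") {
			return f[1], nil
		}
	}
	return "", fmt.Errorf("Fiber is not required in this go.mod")
}

// IsVulnerable reports whether the pinned Fiber version is older than the patched release.
func IsVulnerable(gomod string) (bool, error) {
	v, err := FiberVersion(gomod)
	if err != nil {
		return false, err
	}
	gMaj, gMnr, gPat, err := parseSemver(v)
	if err != nil {
		return false, err
	}
	fMaj, fMnr, fPat, _ := parseSemver(fixedVersion)
	older := gMaj < fMaj || (gMaj == fMaj && (gMnr < fMnr || (gMnr == fMnr && gPat < fPat)))
	return older, nil
}
```

Point it at the module file to audit, for example by reading go.mod with os.ReadFile and passing the contents to IsVulnerable.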

📡 Detection & Monitoring

Log Indicators:

  • Unusual request patterns without CSRF tokens
  • Requests with missing or invalid anti-CSRF headers
  • Unexpected state changes from unverified sources

Network Indicators:

  • Cross-origin requests to sensitive endpoints without proper referrer validation
  • Requests lacking CSRF tokens in expected locations

SIEM Query:

web_requests WHERE (csrf_token IS NULL OR csrf_token = '') AND endpoint IN sensitive_endpoints
