CVE-2024-1143
📋 TL;DR
Central Dogma versions before 0.64.1 contain a cross-site scripting (XSS) vulnerability that allows attackers to inject malicious scripts into web pages. This could lead to session hijacking and authentication bypass for users accessing vulnerable Central Dogma instances. Organizations using Central Dogma for configuration management are affected.
💻 Affected Systems
- Central Dogma
📦 What is this software?
Central Dogma by Linecorp
⚠️ Risk & Real-World Impact
Worst Case
Attackers steal administrator session cookies, gain full administrative access to Central Dogma, modify configuration data, and potentially pivot to other systems.
Likely Case
Attackers steal user session tokens to access Central Dogma with the victim's permissions, potentially modifying configuration data or accessing sensitive information.
If Mitigated
With proper input validation and output encoding, the XSS payloads are neutralized, preventing script execution and maintaining session integrity.
🎯 Exploit Status
XSS vulnerabilities typically have low exploitation complexity once the injection vector is identified. Exploitation requires user interaction with malicious content.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 0.64.1
Vendor Advisory: https://github.com/line/centraldogma/security/advisories/GHSA-34q3-p352-c7q8
Restart Required: Yes
Instructions:
1. Stop the Central Dogma service.
2. Update to version 0.64.1 or later.
3. Restart the Central Dogma service.
4. Verify that the update was successful.
🔧 Temporary Workarounds
Content Security Policy (CSP)
Implement a strict Content Security Policy to prevent inline script execution and restrict script sources.
Add the header Content-Security-Policy: default-src 'self'; script-src 'self' to HTTP responses
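As an added example (not from the advisory or the Central Dogma project), the following Python audits a Content-Security-Policy value and reports settings that would still let an injected inline script run. Both header values in the block are constructed; the check applies the CSP rule that script-src governs scripts and falls back to default-src when script-src is absent, and that 'unsafe-inline' is ignored when a nonce or hash source is also present.

```python
"""Audit a Content-Security-Policy value for settings that would still let an
injected inline script run.  Added example; not part of the advisory or the
Central Dogma project.  Both header values below are constructed."""

# The header recommended in the advisory, and a deliberately weak one for contrast.
ADVISORY_CSP = "default-src 'self'; script-src 'self'"
WEAK_CSP = "default-src 'self'; script-src 'self' 'unsafe-inline' https://cdn.example.test"

HASH_OR_NONCE = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")


def parse_csp(header: str) -> dict[str, list[str]]:
    """Split "dir1 src src; dir2 src" into {directive: [sources]}, lower-cased."""
    policy: dict[str, list[str]] = {}
    for clause in header.split(";"):
        tokens = clause.split()
        if tokens:
            policy[tokens[0].lower()] = [t.lower() for t in tokens[1:]]
    return policy


def effective_script_sources(policy):
    """script-src governs scripts; if it is absent browsers fall back to default-src;
    if both are absent, script loading is unrestricted (returned as None)."""
    if "script-src" in policy:
        return policy["script-src"]
    return policy.get("default-src")


def script_src_weaknesses(header: str) -> list[str]:
    """Return the reasons this policy would not stop injected scripts; empty means it holds."""
    sources = effective_script_sources(parse_csp(header))
    if sources is None:
        return ["no script-src or default-src: script execution is unrestricted"]
    findings = []
    # 'unsafe-inline' is ignored by browsers when a nonce or hash source is present,
    # so only flag it when nothing overrides it.
    if "'unsafe-inline'" in sources and not any(s.startswith(HASH_OR_NONCE) for s in sources):
        findings.append("'unsafe-inline' permits injected inline scripts")
    if "*" in sources or "https:" in sources or "http:" in sources:
        findings.append("scheme or wildcard source permits scripts from any origin")
    if "data:" in sources:
        findings.append("data: source permits attacker-supplied script bodies")
    return findings


if __name__ == "__main__":
    for name, value in (("advisory", ADVISORY_CSP), ("weak", WEAK_CSP)):
        print(name, script_src_weaknesses(value) or "ok")
```

Run it against the CSP value your reverse proxy actually emits (copy it from a response header) rather than the one you intended to configure; the difference between the two is where CSP workarounds usually fail.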
Input Validation Filter
Implement web application firewall or proxy filtering to sanitize user input before it reaches Central Dogma.
🧯 If You Can't Patch
- Isolate Central Dogma instances behind authentication gateways and restrict access to trusted users only.
- Implement network segmentation to limit Central Dogma's exposure and monitor for suspicious activity.
🔍 How to Verify
Check if Vulnerable:
Check the Central Dogma version. If it is lower than 0.64.1, the instance is vulnerable.
Check Version:
curl -s http://centraldogma-host:port/api/v0/version | grep version
Verify Fix Applied:
Confirm that the Central Dogma version is 0.64.1 or higher, then test that XSS payloads no longer execute.
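The version comparison above, as an added example (not from the advisory or the Central Dogma project): it extracts the first MAJOR.MINOR.PATCH triple from whatever the version endpoint returns, because the advisory does not state the response format, and compares it numerically so that 0.64.10 is not mistaken for an older release than 0.64.1. The sample response is constructed; `fetch_version_text` is the only part that needs network access and uses the `/api/v0/version` path from the advisory.

```python
"""Version check for CVE-2024-1143 (Central Dogma < 0.64.1).
Added example; not part of the advisory or the Central Dogma project."""
import re
import urllib.request

FIXED_VERSION = (0, 64, 1)  # first release that carries the fix (from the advisory)


def parse_version(text: str) -> tuple[int, int, int]:
    """Pull the first MAJOR.MINOR.PATCH triple out of arbitrary response text.
    Matching a regex rather than a JSON key avoids assuming the exact shape of
    the /api/v0/version response, which the advisory does not give."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if m is None:
        raise ValueError("no MAJOR.MINOR.PATCH version found in response")
    return tuple(int(part) for part in m.groups())


def is_vulnerable(version_text: str) -> bool:
    """True when the reported version is below 0.64.1.  Tuple comparison is
    numeric, so 0.64.10 ranks above 0.64.1 (a string comparison would get this wrong)."""
    return parse_version(version_text) < FIXED_VERSION


def fetch_version_text(base_url: str, timeout: float = 5.0) -> str:
    """GET the version endpoint named in the advisory and return the body.
    Only this function touches the network; the checks above run offline."""
    url = f"{base_url.rstrip('/')}/api/v0/version"
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8", errors="replace")


if __name__ == "__main__":
    # Constructed sample response, used when no live instance is available.
    sample = '{"version":"0.63.4"}'
    print("vulnerable" if is_vulnerable(sample) else "fixed")
```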
📡 Detection & Monitoring
Log Indicators:
- Unusual HTTP requests containing script tags or JavaScript payloads in query parameters or headers
- Multiple failed authentication attempts followed by a successful login from the same IP
Network Indicators:
- HTTP requests containing <script>, javascript:, or encoded XSS payloads
- Unexpected outbound connections from Central Dogma server
SIEM Query:
source="centraldogma" AND (http_uri="*<script>*" OR http_uri="*javascript:*" OR http_user_agent="*<script>*")
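The SIEM query above matches the markers literally, so a percent-encoded or HTML-entity-encoded payload slips past it. As an added example (not from the advisory or the Central Dogma project), the following Python applies the same two markers to web-server access logs after normalising the URI and User-Agent fields, which goes a step beyond the page's query by also catching single- and double-encoded forms. The log lines are constructed in combined log format; the field names mirror the query's `http_uri` and `http_user_agent`.

```python
"""Scan web-server access logs for the request markers the advisory lists
(<script>, javascript:), including percent-encoded and HTML-entity-encoded forms.
Added example; not part of the advisory or the Central Dogma project.
The log lines below are constructed, in combined log format."""
import html
import re
from urllib.parse import unquote

# Markers from the advisory's detection section; extend this tuple for local needs.
XSS_MARKERS = ("<script", "javascript:")

# Combined log format: ip ident user [time] "method uri proto" status bytes "referer" "user-agent"
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

SAMPLE_LOG = [  # constructed sample lines
    '10.0.0.5 - - [10/Feb/2024:12:00:01 +0000] "GET /api/v0/version HTTP/1.1" 200 52 "-" "curl/8.4.0"',
    '10.0.0.6 - - [10/Feb/2024:12:00:02 +0000] "GET /app/docs/scripting-guide HTTP/1.1" 200 8120 "-" "Mozilla/5.0"',
    '10.0.0.7 - - [10/Feb/2024:12:00:03 +0000] "GET /app/projects?name=<script>x</script> HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.8 - - [10/Feb/2024:12:00:04 +0000] "GET /app/projects?name=%3Cscript%3Ex%3C/script%3E HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [10/Feb/2024:12:00:05 +0000] "GET /app/ HTTP/1.1" 200 310 "-" "Mozilla/5.0 %256Aavascript%253A"',
]


def normalize(value: str) -> str:
    """Undo the encodings a literal SIEM match misses: percent-decode twice
    (catches double-encoded payloads), then HTML entities, then lower-case."""
    for _ in range(2):
        value = unquote(value)
    return html.unescape(value).lower()


def is_suspicious(uri: str, user_agent: str) -> bool:
    """True if either field carries one of the markers after normalisation.
    The word "script" on its own (e.g. /docs/scripting-guide) does not match."""
    return any(marker in normalize(field) for field in (uri, user_agent) for marker in XSS_MARKERS)


def scan_log(lines):
    """Return (ip, uri, ua) for every parseable line that matches; unparseable lines are skipped."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if m and is_suspicious(m["uri"], m["ua"]):
            hits.append((m["ip"], m["uri"], m["ua"]))
    return hits


if __name__ == "__main__":
    for ip, uri, ua in scan_log(SAMPLE_LOG):
        print(f"{ip} {uri} {ua!r}")
```

Of the five sample lines, the three from 10.0.0.7, 10.0.0.8 and 10.0.0.9 are flagged: raw, single-encoded and double-encoded forms respectively. The benign line that merely contains the word "scripting" is not, which is the false positive a bare substring match on "script" would produce.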