CVE-2024-3511
📋 TL;DR
This CVE describes an authorization bypass vulnerability in WSO2 products that allows authenticated users with management console access to retrieve versioned registry files without proper permissions. Attackers could access sensitive configuration or resource files stored as registry versions. Organizations using affected WSO2 products with versioned registry files are impacted.
💻 Affected Systems
- WSO2 API Manager
- WSO2 Identity Server
- WSO2 Enterprise Integrator
- WSO2 Micro Integrator
- WSO2 Streaming Integrator
- WSO2 Microgateway
📦 What is this software?
WSO2 products are Java middleware built on the WSO2 Carbon platform: API Manager (API management and gateway), Identity Server (identity and access management), Enterprise Integrator and Micro Integrator (integration runtimes), Streaming Integrator (stream processing) and Microgateway (a lightweight API gateway). Carbon-based servers store configuration and governance artefacts in the Carbon registry, a hierarchical resource store with paths such as /_system/config and /_system/governance; the registry can keep a version history of a resource each time it changes, and those stored versions are the "versioned registry files" this CVE concerns.
⚠️ Risk & Real-World Impact
Worst Case
Unauthorized disclosure of sensitive configuration files, credentials, or system information that could enable further attacks like privilege escalation or lateral movement.
Likely Case
Exposure of configuration files containing system details, API keys, or deployment information that aids reconnaissance for targeted attacks.
If Mitigated
Limited impact if proper network segmentation, access controls, and monitoring are in place to detect unauthorized access attempts.
🎯 Exploit Status
Exploitation requires an authenticated account with management console access and knowledge of the specific bypass technique; the attacker does not need the permissions that would normally be required to read the versioned file.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Apply the security update for WSO2-2024-2702, or upgrade to a release the vendor advisory lists as fixed (for the product line this page's figure refers to, versions after 4.2.0). WSO2 products use different version numbering, so confirm your product's affected range against the advisory rather than this single number.
Vendor Advisory: https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2024-2702/
Restart Required: Yes
Instructions:
1. Obtain the security update for WSO2-2024-2702 from WSO2 (via the WSO2 Updates tool or support).
2. Apply it following WSO2's update/patch procedure for your product.
3. Restart the WSO2 server.
4. Verify the fix by testing authorization controls on versioned registry files.
🔧 Temporary Workarounds
Restrict Management Console Access
Limit access to the WSO2 management console (by default HTTPS on port 9443) to authorized administrators only, using network controls and strong authentication.
Disable Versioning for Sensitive Registry Paths
Configure registry paths containing sensitive files so that versioning is disabled where the product allows it. In Carbon-based products the global switch is versionResourcesOnChange in repository/conf/registry.xml; setting it to false stops new versions from being created but does not remove versions already stored, which stay readable until they are deleted.
🧯 If You Can't Patch
- Implement strict network segmentation to isolate WSO2 management console from untrusted networks
- Enhance monitoring and alerting for unauthorized access attempts to registry version endpoints
🔍 How to Verify
Check if Vulnerable:
Compare your product and version against the affected list in the vendor advisory (version numbering differs between WSO2 products, so a single range such as 4.0.0 to 4.2.0 does not apply across all of them), and test whether an authenticated user who lacks permission on a registry resource can still retrieve that resource's stored versions.
Check Version:
Read WSO2_HOME/bin/version.txt (or WSO2_HOME/repository/conf/carbon.xml), or use the management console's 'About' section; also confirm which security updates have been applied, since a vulnerable base version with the WSO2-2024-2702 update installed is fixed.
Verify Fix Applied:
After applying patch, verify that authenticated users without proper permissions cannot access versioned registry files through the management console.
📡 Detection & Monitoring
Log Indicators:
- Unauthorized access attempts to registry version endpoints
- Multiple failed authorization attempts followed by successful registry access
Network Indicators:
- Unusual patterns of requests to registry version APIs from management console users
SIEM Query (Splunk-style; the Carbon log file is repository/logs/wso2carbon.log, and "authorized_admin" is a placeholder for your admin accounts):
source="wso2carbon.log" AND ("registry" AND "version" AND "access") AND NOT user="authorized_admin"
Note that user is not a native field of wso2carbon.log; WSO2 writes the user name inside the message text (for example 'admin@carbon.super [-1234]' on login events), so extract it at ingest before filtering on it.
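The two log indicators above, as an added example that is not part of the original page or WSO2's own tooling: a small detector that parses WSO2 Carbon-style log lines and raises alerts for (1) a successful read of a versioned registry resource by a user outside an allow-list, (2) repeated authorization denials on versioned resources by one user, and (3) such a burst of denials followed by a successful read. Only the "TID: [tenant] [component] [timestamp] LEVEL {class} - message" layout follows wso2carbon.log; the message texts, user/path tokens and all sample lines are constructed for this example and must be adapted to what your product actually logs.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines. The outer layout mirrors wso2carbon.log; the
# registry messages and their user=[...]/path=[...] tokens are assumptions.
SAMPLE_LOG = """\
TID: [-1234] [] [2024-04-15 10:22:33,101]  INFO {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} - 'admin@carbon.super [-1234]' logged in at [2024-04-15 10:22:33,0101+0000]
TID: [-1234] [] [2024-04-15 10:22:40,220]  INFO {org.wso2.carbon.registry.core.jdbc.EmbeddedRegistryService} - registry version read: path=[/_system/config/repository/components/secure-vault] version=[12] user=[admin@carbon.super]
TID: [-1234] [] [2024-04-15 10:23:05,002]  WARN {org.wso2.carbon.registry.core.jdbc.EmbeddedRegistryService} - Authorization failed for user=[bob@carbon.super] from IP address 10.0.5.77 on registry version path=[/_system/config/repository/components/secure-vault] version=[12]
TID: [-1234] [] [2024-04-15 10:23:09,315]  WARN {org.wso2.carbon.registry.core.jdbc.EmbeddedRegistryService} - Authorization failed for user=[bob@carbon.super] from IP address 10.0.5.77 on registry version path=[/_system/config/repository/components/secure-vault] version=[11]
TID: [-1234] [] [2024-04-15 10:23:14,870]  WARN {org.wso2.carbon.registry.core.jdbc.EmbeddedRegistryService} - Authorization failed for user=[bob@carbon.super] from IP address 10.0.5.77 on registry version path=[/_system/config/repository/components/secure-vault] version=[10]
TID: [-1234] [] [2024-04-15 10:23:30,004]  INFO {org.wso2.carbon.registry.core.jdbc.EmbeddedRegistryService} - registry version read: path=[/_system/config/repository/components/secure-vault] version=[12] user=[bob@carbon.super]
TID: [-1234] [] [2024-04-15 11:40:00,000]  INFO {org.wso2.carbon.registry.core.jdbc.EmbeddedRegistryService} - registry version read: path=[/_system/governance/apimgt/applicationdata/tenant-conf.json] version=[3] user=[carol@carbon.super]
"""

ALLOWED_USERS = {"admin@carbon.super"}  # placeholder allow-list of admin accounts

# Carbon log layout: TID: [tenant] [component] [timestamp] LEVEL {class} - message
LINE_RE = re.compile(
    r"^TID:\s*\[(?P<tid>-?\d+)\]\s*\[(?P<component>[^\]]*)\]\s*\[(?P<ts>[^\]]+)\]\s+"
    r"(?P<level>[A-Z]+)\s+\{(?P<cls>[^}]+)\}\s*-\s*(?P<msg>.*)$"
)
TS_FMT = "%Y-%m-%d %H:%M:%S,%f"  # e.g. 2024-04-15 10:22:33,101
USER_RE = re.compile(r"user=\[(?P<user>[^\]]+)\]")
PATH_RE = re.compile(r"path=\[(?P<path>[^\]]+)\]\s+version=\[(?P<ver>\d+)\]")


def parse_line(line):
    """Parse one Carbon log line into a dict, or return None if it does not match.

    kind is "read" for a successful versioned-resource read, "denied" for an
    authorization failure on one, and "other" for everything else.
    """
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], TS_FMT)
    msg = ev["msg"]
    um = USER_RE.search(msg)
    pm = PATH_RE.search(msg)
    ev["user"] = um.group("user") if um else None
    ev["path"] = pm.group("path") if pm else None
    ev["version"] = int(pm.group("ver")) if pm else None
    low = msg.lower()
    if pm and "registry version" in low:
        ev["kind"] = "denied" if "authorization failed" in low else "read"
    else:
        ev["kind"] = "other"
    return ev


def detect(lines, allowed_users, threshold=3, window=timedelta(minutes=5)):
    """Run the three rules over log lines in order and return a list of alerts."""
    alerts = []
    denials = defaultdict(deque)  # user -> timestamps of recent denials
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev["kind"] == "other":
            continue
        user, ts = ev["user"], ev["ts"]
        dq = denials[user]
        while dq and ts - dq[0] > window:  # forget denials older than the window
            dq.popleft()
        if ev["kind"] == "denied":
            dq.append(ts)
            if len(dq) == threshold:  # fire once when the burst reaches the threshold
                alerts.append({"rule": "repeated_denials", "user": user, "ts": ts, "count": len(dq)})
            continue
        # Successful read of a stored version.
        if user not in allowed_users:
            alerts.append({"rule": "unexpected_registry_version_read", "user": user, "ts": ts,
                           "path": ev["path"], "version": ev["version"]})
        if len(dq) >= threshold:
            alerts.append({"rule": "denials_then_read", "user": user, "ts": ts,
                           "denials": len(dq), "path": ev["path"]})
    return alerts


def run_sample():
    """Run the detector over the constructed sample log."""
    return detect(SAMPLE_LOG.splitlines(), ALLOWED_USERS)


if __name__ == "__main__":
    for a in run_sample():
        print(a)
```

In production, feed the detector repository/logs/wso2carbon.log (and audit.log where the product writes one) and replace the message regexes with the exact text your release emits; the allow-list, threshold and window are the knobs to tune, and keying denials by user rather than source IP keeps the "failures then success" rule working when the attacker rotates addresses.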