CVE-2024-43798
📋 TL;DR
Chisel servers using the AUTH environment variable for authentication are vulnerable to complete authentication bypass, allowing any unauthenticated user to connect. This is critical because Chisel is often used to expose internal services to the internet or provide entry points to private networks. All Chisel server deployments relying on AUTH for credentials are affected.
💻 Affected Systems
- Chisel
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers gain full access to internal networks behind Chisel servers, enabling data exfiltration, lateral movement, and compromise of all services accessible through the tunnel.
Likely Case
Unauthenticated attackers connect to Chisel servers and forward traffic from remote ports, enabling MITM attacks and unauthorized access to internal services.
If Mitigated
If Chisel is only used internally with strict network segmentation and firewall rules, impact is limited to the specific internal segment.
🎯 Exploit Status
Exploitation requires no authentication and minimal technical skill - attackers simply connect without credentials.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.10.0
Vendor Advisory: https://github.com/jpillora/chisel/security/advisories/GHSA-38jh-8h67-m7mj
Restart Required: Yes
Instructions:
1. Stop Chisel server. 2. Update to version 1.10.0 or later using package manager or direct download. 3. Restart Chisel server with updated binary.
🔧 Temporary Workarounds
No workarounds available
allThe vendor advisory states there are no known workarounds for this vulnerability.
🧯 If You Can't Patch
- Immediately disable all Chisel servers using AUTH environment variable
- Implement strict network segmentation and firewall rules to limit Chisel server exposure
🔍 How to Verify
Check if Vulnerable:
Check if Chisel server is running with AUTH environment variable set and version is below 1.10.0Check Version:
chisel --versionVerify Fix Applied:
Verify Chisel version is 1.10.0 or higher and test authentication actually works with valid credentials📡 Detection & Monitoring
Log Indicators:
- Unauthenticated connection attempts succeeding
- Failed authentication logs missing when they should be present
Network Indicators:
- Unexpected connections to Chisel server ports
- Traffic patterns inconsistent with authenticated usage
SIEM Query:
source="chisel" AND (event="connection" AND NOT auth_success="true")