CVE-2024-58320
📋 TL;DR
An information disclosure vulnerability in Kentico Xperience allows unauthenticated attackers to access sensitive administration interface hostname details through a public authentication endpoint. This exposes internal network configuration information that could aid further attacks. All Kentico Xperience deployments with the vulnerable version are affected.
💻 Affected Systems
- Kentico Xperience
📦 What is this software?
Xperience by Kentico
⚠️ Risk & Real-World Impact
Worst Case
Attackers obtain internal hostname details that could be used for network mapping, targeted phishing, or as reconnaissance for more serious attacks against administration systems.
Likely Case
Attackers gather internal network information that helps them understand the system architecture and plan subsequent attacks.
If Mitigated
Limited exposure of non-critical configuration details with minimal impact on overall security posture.
🎯 Exploit Status
Exploitation involves sending a request to a public authentication endpoint, which returns administration interface hostname information without requiring any credentials.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check vendor hotfixes at https://devnet.kentico.com/download/hotfixes
Vendor Advisory: https://devnet.kentico.com/download/hotfixes
Restart Required: Yes
Instructions:
1. Visit https://devnet.kentico.com/download/hotfixes
2. Download the appropriate hotfix for your Kentico Xperience version
3. Apply the hotfix following Kentico's installation instructions
4. Restart the application/services
🔧 Temporary Workarounds
Restrict Access to Authentication Endpoint
Limit access to the vulnerable authentication endpoint using network controls or web application firewalls.
🧯 If You Can't Patch
- Implement network segmentation to isolate the Kentico Xperience administration interface from public access.
- Deploy a web application firewall (WAF) with rules to block or sanitize sensitive information disclosure from authentication responses.
🔍 How to Verify
Check if Vulnerable:
Test if accessing the authentication endpoint returns sensitive hostname configuration details in the response.
Check Version:
Check the Kentico Xperience version through the administration interface or the application files.
Verify Fix Applied:
After applying the patch, verify that the authentication endpoint no longer discloses hostname information in responses.
📡 Detection & Monitoring
Log Indicators:
- Unusual authentication attempts from external IPs
- Multiple failed authentication requests
Network Indicators:
- HTTP requests to authentication endpoints from unexpected sources
SIEM Query:
sourceIP=external AND destinationPort=443 AND (uri CONTAINS "/auth" OR uri CONTAINS "/login")
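The log and network indicators above, applied to a constructed access log, as an added example that is not part of the original advisory. It assumes a simplified `client_ip "METHOD path" status` log format and treats RFC 1918 and loopback ranges as internal; adjust both to your environment.

```python
import ipaddress
import re
from collections import Counter
# Constructed sample access-log lines (not from any real deployment):
# client_ip "METHOD path" status
SAMPLE_LOG = """\
10.0.0.5 "POST /Kentico.Authentication/Login" 200
203.0.113.7 "GET /Account/Login" 401
203.0.113.7 "POST /Account/Login" 401
203.0.113.7 "POST /Account/Login" 401
198.51.100.9 "GET /auth/token" 401
192.168.1.20 "GET /index.html" 200
203.0.113.7 "GET /images/logo.png" 200
"""

LINE_RE = re.compile(r'^(\S+) "(\S+) (\S+)" (\d{3})$')
AUTH_PATH_MARKERS = ("/auth", "/login")  # the URI terms from the SIEM query
FAILED_STATUSES = {401, 403}
# Assumed "internal" address space (RFC 1918 + loopback); adjust to your SIEM's.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def is_external(ip_text):
    """True when the source address is outside the assumed internal ranges."""
    ip = ipaddress.ip_address(ip_text)
    return not any(ip in net for net in INTERNAL_NETS)

def is_auth_request(path):
    """Case-insensitive match on the authentication-endpoint URI markers."""
    lowered = path.lower()
    return any(marker in lowered for marker in AUTH_PATH_MARKERS)

def analyze(log_text, fail_threshold=3):
    """Return (hits, offenders): auth-endpoint requests from external IPs
    (network indicator) and external IPs with >= fail_threshold failed
    authentication responses (log indicator)."""
    hits, failures = [], Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the run
        ip, _method, path, status = m.groups()
        if not (is_external(ip) and is_auth_request(path)):
            continue
        hits.append((ip, path, int(status)))
        if int(status) in FAILED_STATUSES:
            failures[ip] += 1
    offenders = {ip: n for ip, n in failures.items() if n >= fail_threshold}
    return hits, offenders
```

Running `analyze(SAMPLE_LOG)` on the constructed log flags the four external requests to authentication paths and reports 203.0.113.7 as reaching the failure threshold, while the internal 10.0.0.5 login and the non-auth requests are ignored.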