CVE-2024-50334 Scanner

CVE-2024-50334 Scanner - Authentication Bypass vulnerability in Scoold

Short Info

Level: Medium
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 25 days 20 hours
Scan only one: Domain, Subdomain, IPv4
Toolbox: -

Scoold is a widely-used Q&A and knowledge-sharing platform designed for team collaboration. It facilitates the exchange of ideas, solutions, and information within an organization, enhancing teamwork and productivity. Companies and educational institutions utilize Scoold to manage knowledge, increase engagement, and streamline communication. The platform allows users to create, share, and discuss a variety of content, making it an essential tool for knowledge management. Its intuitive interface and versatile features support both small teams and large enterprises. As it caters to diverse industries, Scoold becomes a part of daily operations and strategic decision-making.

The authentication bypass vulnerability in Scoold allows unauthorized users to gain access to sensitive configuration data by manipulating specific HTTP requests. This vulnerability is introduced due to insufficient validation in request handling at the `/api;/config` endpoint. Attackers can exploit this vulnerability by appending a semicolon in the URL, successfully evading authentication mechanisms. Once bypassed, attackers may access sensitive data which can be used for further exploitation. This vulnerability poses a significant risk as it exposes critical internal configurations to potential malicious actors.

The vulnerability in Scoold arises from a semicolon path injection at the `/api;/config` endpoint. Attackers exploit this by appending a semicolon in HTTP requests, which Scoold misinterprets, effectively bypassing authentication checks. Another aspect of the vulnerability involves sending PUT requests with a `Content-Type` of `application/hocon`, enabling unauthenticated users to perform file reading via HOCON file inclusion. This technical fault allows unauthorized users to retrieve sensitive configuration files that could facilitate additional attacks. Scoold has addressed this issue in version 1.64.0 and recommends disabling the API as a workaround for those unable to update immediately.
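A defender can look for this request shape in web server or reverse proxy logs. The following is an added example, not code from Scoold or from the scanner; it assumes combined-format access logs, and the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Request and status fields of a combined-format access log line.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Nov/2024:10:01:02 +0000] "GET /api;/config HTTP/1.1" 200 512',
    '203.0.113.7 - - [12/Nov/2024:10:01:05 +0000] "PUT /api;/config HTTP/1.1" 200 87',
    '192.0.2.10 - - [12/Nov/2024:10:02:11 +0000] "GET /api/config HTTP/1.1" 401 0',
    '192.0.2.10 - - [12/Nov/2024:10:02:30 +0000] "GET /questions;jsessionid=AB12 HTTP/1.1" 200 900',
    '203.0.113.7 - - [12/Nov/2024:10:03:00 +0000] "GET /api%3B/config HTTP/1.1" 403 0',
]

def normalize_path(target):
    """Return (path with path parameters removed, whether any were present)."""
    path = unquote(urlsplit(target).path)  # decode once so %3B is seen as ';'
    segments = path.split("/")
    cleaned = [seg.split(";", 1)[0] for seg in segments]
    return "/".join(cleaned), cleaned != segments

def find_semicolon_bypass(lines, protected_prefix="/api"):
    """Flag requests under a protected prefix whose path carries ';' parameters."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        normalized, had_params = normalize_path(m["target"])
        protected = (normalized == protected_prefix
                     or normalized.startswith(protected_prefix + "/"))
        if had_params and protected:
            hits.append({
                "method": m["method"],
                "target": m["target"],
                "normalized": normalized,
                # A 2xx answer means the request was served, not rejected.
                "served": m["status"].startswith("2"),
            })
    return hits

if __name__ == "__main__":
    for hit in find_semicolon_bypass(SAMPLE_LOG):
        print(hit)
```

Hits with `served` set to true on an instance older than 1.64.0 are the ones to review first, since they indicate the request was answered rather than rejected.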

If successfully exploited, this vulnerability allows attackers unauthorized access to sensitive configuration data stored on the server. The exposure of internal data may lead to a leak of organizational secrets or credentials. Attackers could use the obtained data to launch further attacks, compromising the security and integrity of the platform and potentially the organization's operations. Unauthorized access may result in data breaches, leading to a loss of trust or legal ramifications for failing to protect sensitive information. Corrective measures are essential to prevent exploitation and mitigate potential damage.
