CVE-2024-1143

Name of the Vulnerable Software and Affected Versions Central Dogma versions prior to 0.64.1

Description A Cross-Site Scripting (XSS) vulnerability in Central Dogma could allow for the leakage of user sessions and subsequent authentication bypass. The issue targets the RelayState of Security Assertion Markup Language (SAML), enabling malicious actors to leak user sessions and compromise authentication mechanisms. This can facilitate unauthorized access to sensitive resources.

Recommendations For Central Dogma versions prior to 0.64.1, upgrade to version 0.64.1 or later to mitigate the risk associated with the authentication bypass. No viable workarounds are currently available for this vulnerability, so applying the provided patch promptly is recommended.