PT-2024-20765 · Fiber · Fiber

Gaby · Published 2024-02-21 · Updated 2025-02-05 · CVE-2024-25124

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Fiber versions prior to 2.52.1

Description: The issue lies in the CORS middleware in Fiber, which allows insecure configurations. Specifically, it permits setting the Access-Control-Allow-Origin header to a wildcard (*) while Access-Control-Allow-Credentials is also set to true, which goes against recommended security best practices. This misconfiguration can lead to unauthorized access to sensitive user data and expose the system to various types of attacks. The impact of this issue is high.

Recommendations: For Fiber versions prior to 2.52.1, as a temporary workaround, users may manually validate the CORS configuration in their implementation to ensure that it does not allow a wildcard origin when credentials are enabled. For Fiber versions prior to 2.52.1, update to version 2.52.1 to resolve the issue.
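An added example, not taken from the advisory or from Fiber's code base, of the manual validation the recommendation describes: a config check that refuses a wildcard origin whenever credentials are enabled, and a header builder that only ever emits a specific Access-Control-Allow-Origin for an allow-listed origin. The CORSConfig type and its field names are hypothetical stand-ins for the middleware settings, not Fiber's own API.

```go
package main

import "errors"

// CORSConfig holds the two settings the advisory discusses. The type and
// field names are hypothetical stand-ins, not Fiber's own cors.Config.
type CORSConfig struct {
	AllowOrigins     []string // exact origins, or "*" for any origin
	AllowCredentials bool
}

var ErrWildcardWithCredentials = errors.New(
	"insecure CORS config: wildcard origin with AllowCredentials enabled")

// Validate is the advisory's workaround as code: refuse a wildcard origin
// whenever credentials are enabled, before the config reaches any middleware.
func Validate(c CORSConfig) error {
	if !c.AllowCredentials {
		return nil
	}
	for _, o := range c.AllowOrigins {
		if o == "*" {
			return ErrWildcardWithCredentials
		}
	}
	return nil
}

// CORSHeaders returns the Access-Control-* headers to send for a request's
// Origin from a validated config, or nil when the origin is not allowed.
// Origins match exactly; "*" is only emitted with credentials off, and a
// specific origin is echoed back only when it is on the allow list.
func CORSHeaders(c CORSConfig, origin string) (map[string]string, error) {
	if err := Validate(c); err != nil {
		return nil, err
	}
	for _, o := range c.AllowOrigins {
		if o == "*" { // Validate guarantees credentials are off here
			return map[string]string{"Access-Control-Allow-Origin": "*"}, nil
		}
		if origin != "" && o == origin {
			h := map[string]string{"Access-Control-Allow-Origin": origin, "Vary": "Origin"}
			if c.AllowCredentials {
				h["Access-Control-Allow-Credentials"] = "true"
			}
			return h, nil
		}
	}
	return nil, nil // not an allowed origin: send no CORS headers at all
}
```

Running Validate at startup turns the insecure combination into a hard failure instead of a silently emitted header pair.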


Weakness Enumeration

Origin Validation Error

Related Identifiers

CVE-2024-25124
GHSA-FMG4-X8PW-HJHG
GO-2024-2574

Affected Products

Fiber