Medium Severity

flask-cors

Case-Insensitive Path Matching Leading to CORS Misconfiguration

The vulnerability affects version 4.01 of the software and allows unauthorized origins to access restricted paths due to case-insensitive path matching in the CORS configuration. This issue has not yet been patched.

Available publicly on Aug 28 2024

CVSS: 5.3

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

Credit: tomorroisnew

Threat Overview

The vulnerability arises from the try_match function, which performs case-insensitive matching for request paths. Since URL paths are case-sensitive, this mismatch allows unauthorized origins to access paths that should be restricted. This misconfiguration undermines the CORS policy, leading to potential data exposure and unauthorized access to sensitive resources.

Attack Scenario

An attacker can exploit this vulnerability by sending a request to a case-sensitive path using different letter casing, which bypasses the CORS policy. For example, a request to /api/super_Secret from an unauthorized origin such as https://notlowercase.com will be allowed because of the case-insensitive matching, exposing sensitive data.
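The mismatch described above, as an added example that is not flask-cors's own code: a simplified model of a CORS resource lookup, run once with case-insensitive path matching and once with exact-case matching, plus an audit helper that lists routes exposed only when case is ignored. The policy (only /api/super_secret opts in, trusting https://notlowercase.com), the route list and all function names are assumptions constructed for illustration.

```python
import re

# Constructed policy (assumption): only the all-lowercase path opts in to CORS.
RESOURCES = {r"/api/super_secret": {"https://notlowercase.com"}}


def match_ignoring_case(path, pattern):
    """Model of the flawed behaviour: the path is compared with case ignored."""
    return re.fullmatch(pattern, path, flags=re.IGNORECASE) is not None


def match_exact_case(path, pattern):
    """Hardened comparison: URL paths are case-sensitive, so match them as-is."""
    return re.fullmatch(pattern, path) is not None


def allowed_origin(path, origin, matcher, resources=RESOURCES):
    """Return the origin to echo in Access-Control-Allow-Origin, or None."""
    for pattern, origins in resources.items():
        if matcher(path, pattern) and origin in origins:
            return origin
    return None


def case_colliding_routes(routes, resources=RESOURCES):
    """Audit helper: routes that no pattern matches exactly but that some
    pattern matches once case is ignored."""
    return sorted(
        r for r in routes
        if not any(match_exact_case(r, p) for p in resources)
        and any(match_ignoring_case(r, p) for p in resources)
    )


if __name__ == "__main__":
    origin = "https://notlowercase.com"
    for path in ("/api/super_secret", "/api/super_Secret"):
        print(path,
              "ignore-case:", allowed_origin(path, origin, match_ignoring_case),
              "exact-case:", allowed_origin(path, origin, match_exact_case))
    # Constructed route list standing in for an application's URL map.
    print(case_colliding_routes(
        ["/api/super_secret", "/api/super_Secret", "/health"]))
```

Running the audit helper over an application's real route list and CORS resource patterns shows which endpoints inherit a policy they were never given.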

Who is affected

Users and organizations using version 4.01 of the software with CORS configurations that rely on case-sensitive path matching are affected. This includes any web applications that expose sensitive endpoints and rely on CORS for security.

Technical Report