CVE-2024-32879

Published: Apr 24, 2024Modified: Nov 21, 2024

4.9

Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N

Exploitability: 1.8 / Impact: 2.7

Source: security-advisories@github.com (Secondary)

Description

Python Social Auth is a social authentication/registration mechanism. Prior to version 5.4.1, due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match. This issue has been addressed by a fix released in version 5.4.1. An immediate workaround would be to change collation of the affected field.

Related CWEs

Improper Handling of Case Sensitivity

The product does not properly account for differences in case sensitivity when accessing or determining the properties of a resource, leading to inconsistent results.

Incorrect Implementation of Authentication Algorithm

The requirements for the product dictate the use of an established authentication algorithm, but the implementation of the algorithm is incorrect.

References (6)

https://github.com/python-social-auth/social-app-django/commit/31c3e0c7edb187004d8abbde7e9c4f7ef9098138

Source: security-advisories@github.com

https://github.com/python-social-auth/social-app-django/pull/566

Source: security-advisories@github.com

https://github.com/python-social-auth/social-app-django/security/advisories/GHSA-2gr8-3wc7-xhj3

Source: security-advisories@github.com

https://github.com/python-social-auth/social-app-django/commit/31c3e0c7edb187004d8abbde7e9c4f7ef9098138

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/python-social-auth/social-app-django/pull/566

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/python-social-auth/social-app-django/security/advisories/GHSA-2gr8-3wc7-xhj3

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.