The CVE-2024-56363 vulnerability is an authentication bypass flaw within the Milvus Proxy component. It stems from improper validation of the `sourceID` request header. The proxy’s authentication logic incorrectly trusts a specific, hardcoded value in this header. When an unauthenticated request contains this magic value, the proxy misinterprets it as a legitimate, pre-authenticated internal communication from a trusted component. This flaw allows the request to skip all subsequent authentication checks. Consequently, the proxy grants the request full administrative privileges, providing unrestricted access to the entire Milvus cluster without requiring any valid credentials.
Platform: Milvus
Version: <2.4.24, <2.5.21, <2.6.5
Vulnerability: Authentication Bypass
Severity: Critical
Date: 2024
Prediction: Patch Available
What Undercode Says:

```bash
curl -H "sourceID: <hardcoded_value>" http://milvus-proxy:19530/api/v1/collection/describe
```

```python
from pymilvus import connections, utility
connections.connect(host='target_ip', port='19530', headers={"sourceID": "<hardcoded_value>"})
utility.list_collections()
```
How to Exploit:
Craft HTTP requests with the specific `sourceID` header to bypass login. Use SDKs with the header set to execute any administrative command, like creating users or dropping databases, without authentication.
Protection from this CVE:
Upgrade to versions 2.4.24, 2.5.21, or 2.6.5. If upgrade is delayed, implement a network gateway rule to strip the `sourceID` header from all incoming traffic destined for the Milvus Proxy.
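
The gateway rule described above can be sketched as a small Go reverse proxy that removes the `sourceID` header before anything reaches the Milvus Proxy and logs each removal. This is an added example, not code from Milvus or from the original post. The listen address is an assumption, and the sketch covers plain HTTP traffic only, so gRPC clients need an HTTP/2-capable gateway applying the same filter.

```go
package main

import (
	"log"
	"net/http"
	"net/http/httputil"
	"net/url"
	"strings"
)

// blockedHeader is the header the advisory says must not reach the Milvus Proxy.
const blockedHeader = "sourceID"

// stripBlocked deletes every header whose name equals blockedHeader, compared
// case-insensitively because HTTP field names are case-insensitive and HTTP/2
// sends them in lowercase. It reports whether anything was removed.
func stripBlocked(h http.Header) bool {
	removed := false
	for name := range h {
		if strings.EqualFold(name, blockedHeader) {
			delete(h, name)
			removed = true
		}
	}
	return removed
}

// guard sanitises the request before next sees it and logs each removal, so
// requests that carried the header show up in the gateway log for review.
func guard(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if stripBlocked(r.Header) {
			log.Printf("stripped %s header: remote=%s method=%s path=%q",
				blockedHeader, r.RemoteAddr, r.Method, r.URL.Path)
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	// Assumed addresses: the upstream host is taken from the page's curl
	// example, the listen address is a placeholder.
	upstream, err := url.Parse("http://milvus-proxy:19530")
	if err != nil {
		log.Fatal(err)
	}
	proxy := httputil.NewSingleHostReverseProxy(upstream)
	log.Fatal(http.ListenAndServe(":8080", guard(proxy)))
}
```

The filter only helps if the Milvus Proxy port is unreachable except through the gateway.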
Impact:
Complete cluster compromise. Attackers can read, modify, and delete all data. They can also perform administrative operations, leading to full system takeover and data breach.
Sources:
Reported By: github.com

