/
Security Advisory WSO2-2018-0462
com.atlassian.confluence.content.render.xhtml.migration.exceptions.UnknownMacroMigrationException: The macro 'next_previous_links' is unknown.

Security Advisory WSO2-2018-0462

Sept 03, 2018

Published: 3rd September 2018

Severity: Critical

CVSS Score: 9.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N)

 

AFFECTED PRODUCTS

 

WSO2 Identity Server : 5.4.0 , 5.4.1 , 5.5.0 , 5.6.0

WSO2 Identity Server as Key Manager : 5.5.0 , 5.6.0

WSO2 Identity Server : 5.3.0 - Only if "SCIM 2.0 Inbound Provisioning Connector" is installed.

WSO2 Identity Server as Key Manager : 5.3.0 - Only if "SCIM 2.0 Inbound Provisioning Connector" is installed

 

OVERVIEW

 

An authentication and authorization bypass vulnerability has been detected in SCIM 2.0 API.

 

 

DESCRIPTION

 

If the /scim2 endpoint of WSO2 Identity Server is exposed to public, an attacker would be able to bypass the authentication and authorization of SCIM 2.0 API and execute the operations in the API.

 

 

IMPACT 

 

By exploiting the vulnerability, an attacker would be able to get a user account created with higher level of permissions bound to it and perform the actions in the system that the particular user account is permitted to.

 

 

SOLUTION

 

The recommended solution is to modify the following configuration under the <ResourceAccessControl> element in IS_HOME/repository/conf/identity/identity.xml file and restart the server. Find the existing configuration and replace each entry with the new configuration.

 

 

Existing Configuration

New Configuration

Existing Configuration

New Configuration

<Resource context="(.*)/api/identity/user/v1.0/validate-code" secured="true" http-method="all"/>

<Resource context="(.*)/api/identity/user/v1.0/validate-code(.*)" secured="true" http-method="all"/>

<Resource context="(.*)/api/identity/user/v1.0/resend-code" secured="true" http-method="all"/>

<Resource context="(.*)/api/identity/user/v1.0/resend-code(.*)" secured="true" http-method="all"/>

<Resource context="(.*)/api/identity/user/v1.0/me" secured="true" http-method="POST"/>

<Resource context="(.*)/api/identity/user/v1.0/me(.*)" secured="true" http-method="POST"/>

<Resource context="(.*)/api/identity/user/v1.0/me" secured="true" http-method="GET"/>

<Resource context="(.*)/api/identity/user/v1.0/me(.*)" secured="true" http-method="b"/>

<Resource context="(.*)/scim2/Users" secured="true" http-method="POST">

<Resource context="(.*)/scim2/Users(.*)" secured="true" http-method="POST">

<Resource context="(.*)/scim2/Groups" secured="true" http-method="POST">

<Resource context="(.*)/scim2/Groups(.*)" secured="true" http-method="POST">

<Resource context="/scim2/Bulk" secured="true" http-method="all">

<Resource context="/scim2/Bulk(.*)" secured="true" http-method="all">

<Resource context="(.*)/api/identity/consent-mgt/v1.0/consents/pii-categories" secured=" true" http-method="POST">

<Resource context="(.*)/api/identity/consent-mgt/v1.0/consents/pii-categories(.*)" secured=" true" http-method="POST">

<Resource context="(.*)/api/identity/consent-mgt/v1.0/consents/purposes" secured="true" http-method="POST">

<Resource context="(.*)/api/identity/consent-mgt/v1.0/consents/purposes(.*)" secured="true" http-method="POST">

<Resource context="(.*)/api/identity/consent-mgt/v1.0/consents/purpose-categories" secured="true" http-method="POST">

<Resource context="(.*)/api/identity/consent-mgt/v1.0/consents/purpose-categories(.*)" secured="true" http-method="POST">

 

NOTES

 

If you are using any version of the Idetity Server that is not listed in the "Affected Products" section, then this vulnerability is not applicable.  If you have any questions, post them to security@wso2.com.

 

 

 

com.atlassian.confluence.content.render.xhtml.migration.exceptions.UnknownMacroMigrationException: The macro 'next_previous_links2' is unknown.