CVE-2023-35948 in Novu
Summary
by MITRE • 07/06/2023
Novu provides an API for sending notifications through multiple channels. Versions prior to 0.16.0 contain an open redirect vulnerability in the "Sign In with GitHub" functionality of Novu's open-source repository. It could have allowed an attacker to force a victim into opening a malicious URL and thus potentially log into the repository under the victim's account, gaining full control of the account. This vulnerability only affected the Novu Cloud and Open-Source deployments if the user manually enabled the GitHub OAuth on their self-hosted instance of Novu. Users should upgrade to version 0.16.0 to receive a patch.
Analysis
by VulDB Data Team • 07/24/2023
CVE-2023-35948 is an open redirect flaw (CWE-601) in the "Sign In with GitHub" authentication flow of the Novu notification platform, present in open-source versions prior to 0.16.0. The weakness sits in the handling of the redirect target used once GitHub has authenticated the user: the target is taken from a request parameter and is not restricted to Novu's own origin, so an attacker who gets a victim to open a crafted sign-in link decides where the victim's browser lands at the end of the login. Because the redirect is issued at the moment the application has just authenticated the user, the advisory's worst case is that the attacker ends up logged in as the victim with full control of the account.
Technically this is the textbook open redirect pattern: the application follows a user-supplied redirect parameter without verifying that it points back to the application itself. A URL is not "executed", it is simply followed, and on its own that only makes the flaw a phishing aid. What makes an open redirect inside an OAuth callback more serious is that anything the application attaches to the post-login redirect, such as a session token or an authorization code, travels with the user to the attacker-controlled destination. That is the path from "victim visits the wrong page" to "attacker holds the victim's session". The flaw lives entirely at the application layer; GitHub's side of the exchange is not involved.
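The following is an added example written for this page, not code from Novu or from its fix. It contrasts the kind of loose redirect check that produces an open redirect with a strict origin allowlist, and shows the callback step that attaches a session token only to an approved target. The hostnames, the `redirectUrl` and `token` parameter names and the candidate URLs are all constructed for illustration and are assumptions, not details of Novu's implementation.

```typescript
// Added example (not Novu's code): validating an OAuth post-login redirect target.
// Hostnames, the "redirectUrl" input and the "token" query parameter are assumptions
// used only for illustration.

// Weak check of the kind that produces open redirects: substring matching on the
// raw string. "https://evil.example/?next=https://app.example.com" passes because it
// merely contains the trusted host somewhere in the string.
function isAllowedRedirectWeak(redirectUrl: string, trustedHost: string): boolean {
  return redirectUrl.indexOf(trustedHost) !== -1;
}

// Strict check: parse with the WHATWG URL parser, then compare the parsed origin
// (scheme + host + port) against an explicit allowlist of exact origins.
// Relative and protocol-relative input ("//evil.example"), non-https schemes
// such as javascript:, and userinfo tricks ("https://good@evil") all fail here.
function isAllowedRedirectStrict(redirectUrl: string, allowedOrigins: string[]): boolean {
  let parsed: URL;
  try {
    parsed = new URL(redirectUrl); // no base URL is given, so relative input throws
  } catch (err) {
    return false;
  }
  if (parsed.protocol !== "https:") return false;
  // Defense in depth: "https://app.example.com@evil.example" parses with hostname
  // evil.example, which the origin check below rejects anyway, but userinfo in a
  // redirect target is never legitimate.
  if (parsed.username !== "" || parsed.password !== "") return false;
  return allowedOrigins.indexOf(parsed.origin) !== -1;
}

// Callback step after GitHub has authenticated the user: hand the session token only
// to a redirect target that passed the strict check; otherwise use a fixed fallback.
function buildPostLoginRedirect(
  requestedRedirect: string | undefined,
  token: string,
  allowedOrigins: string[],
  fallback: string,
): string {
  const target =
    requestedRedirect !== undefined && isAllowedRedirectStrict(requestedRedirect, allowedOrigins)
      ? requestedRedirect
      : fallback;
  const url = new URL(target);
  url.searchParams.set("token", token);
  return url.toString();
}

// Constructed inputs: one legitimate target and several attacker-style ones.
const ALLOWED_ORIGINS = ["https://app.example.com"];
const CANDIDATES = [
  "https://app.example.com/auth/callback",
  "https://evil.example/?next=https://app.example.com",
  "https://app.example.com.evil.example/",
  "https://app.example.com@evil.example/",
  "//evil.example",
  "javascript:alert(document.domain)",
];

for (const candidate of CANDIDATES) {
  const weak = isAllowedRedirectWeak(candidate, "app.example.com");
  const strict = isAllowedRedirectStrict(candidate, ALLOWED_ORIGINS);
  console.log(candidate + "  weak=" + weak + "  strict=" + strict);
}
```

The point of comparing origins rather than hostnames or prefixes is that the parser, not the application, decides what the browser will treat as the destination; every bypass in the candidate list exploits a gap between how a string "looks" and how a URL parser reads it.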
The impact is account takeover rather than privilege escalation: the attacker does not gain more rights than the victim, they gain the victim's rights. Note that the victim still authenticates against GitHub itself; what the attacker controls is where Novu sends the browser afterwards, and if credentials or session tokens ride along on that redirect the attacker captures them and can act with full control of the account. For Novu Cloud this means any account whose owner could be lured into opening a crafted link. For self-hosted deployments the exposure depends on configuration: GitHub OAuth is not enabled by default, so an instance is affected only if an operator turned it on manually. An instance used to drive sensitive notification workflows therefore gives the attacker the same reach over those workflows that the victim has.
Organizations running Novu should upgrade to version 0.16.0 or later, which contains the fix. Self-hosted operators who enabled GitHub OAuth and cannot upgrade immediately can remove the exposure by disabling that login method until they can. Beyond the patch, any custom authentication integration should be reviewed for the same pattern, and redirect targets after login should be compared against an allowlist of exact origins rather than checked by prefix or substring matching, which is how most open redirects slip through. For monitoring, the relevant signal is a sign-in callback whose redirect parameter points off-origin, which a patched version should now reject; unexpected session activity following such a request would indicate the flaw had been exercised. The weakness maps to CWE-601 (URL Redirection to Untrusted Site); in ATT&CK terms it is a phishing-delivered credential-access path that ends with the attacker operating under a valid account.