Horizon Alert
Summary of the vulnerability and why it matters
This advisory addresses a critical vulnerability in Wekan, an open-source project management tool. The issue allows unauthenticated attackers to potentially gain administrative session tokens by exploiting how the system trusts specific header information, bypassing authentication. The main concern is confirming relevance and exposure.
- Unauthenticated users can bypass login protections.
- Allows unauthorized access to sensitive project data.
- Confirm if Wekan is used and assess potential exposure.
Attack Path
How an attacker could exploit the issue
An attacker can bypass authentication by sending a crafted request to the Wekan application. By manipulating the `X-Forwarded-For` header, the attacker can trick the application into believing the request originates from a trusted IP address, even if it doesn't. This allows the attacker to impersonate any user, including an administrator, and gain a session token.
- Unauthenticated network access required.
- Trusted IP header manipulation.
- Admin session token obtained.
Live Threat
Current exploitation, exposure, and threat context
When the `HEADER_LOGIN_TRUSTED_IPS` setting is enabled, an unauthenticated attacker could exploit a vulnerability in Wekan by manipulating the `X-Forwarded-For` header. This manipulation could allow them to impersonate any user, including administrators, and obtain a valid session token, potentially leading to unauthorized access and control of the application.
- Unauthorized access to Wekan application.
- Exploited via manipulated network headers.
- System control and data compromise.
Operational Fix
Recommended remediation, mitigation, and detection steps
The Wekan application's authentication bypass vulnerability requires action from teams responsible for its deployment and management. This typically includes application owners, platform or infrastructure teams managing the Wekan instance, and potentially network or security teams monitoring access. The first practical step is to identify all Wekan deployments, assess their network exposure and business criticality, and then locate the accountable owner for each instance to prioritize remediation efforts, considering vendor coordination if applicable.
- Application owners should address the issue.
- Verify Wekan instance exposure and criticality.
- Plan remediation based on identified risk.