The current implementation of the API authorization logic checks for the presence of the exact word "swagger" in the request path to determine if an API key is required. However, this check can be easily bypassed by altering the capitalization of the word. For example, accessing "/Swagger/index.html" instead of "/swagger/index.html" allows unauthorized access without providing the required API key.
Observe that access is granted without requiring an API key.
Impact:
Although the current vulnerability may not pose a significant security risk right now, it has the potential to cause future issues if an important file or resource is exposed within the "/swagger/" directory. This could allow unauthorized individuals to access sensitive information or exploit the exposed resources for malicious purposes.
Example:
Steps to reproduce:
Vulnerable code part:
Link: https://github.com/acikkaynak/musahit-harita-backend/blob/3e109cfb09da43b858c62f91fb282ef89fcdcc94/middleware/auth/auth.go Line: 25
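The check described in this report next to a normalized version, as an added example that is not the project's code from auth.go. The function names, the `/swagger` prefix constant and the sample paths are assumptions constructed for illustration; the exact-match function models only the behaviour the report describes.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// protectedPrefix is the directory the report says must require an API key.
const protectedPrefix = "/swagger"

// requiresKeyExact models the reported behaviour (assumed shape, not copied
// from auth.go): a case-sensitive match on the literal word "swagger".
func requiresKeyExact(reqPath string) bool {
	return strings.Contains(reqPath, "swagger")
}

// requiresKeyNormalized cleans and lower-cases the path before deciding,
// and matches the protected directory as a whole path segment.
func requiresKeyNormalized(reqPath string) bool {
	p := strings.ToLower(path.Clean("/" + reqPath))
	return p == protectedPrefix || strings.HasPrefix(p, protectedPrefix+"/")
}

// disagreements returns the paths on which the two checks give different
// answers, i.e. requests the exact-match check classifies differently.
func disagreements(paths []string) []string {
	var out []string
	for _, p := range paths {
		if requiresKeyExact(p) != requiresKeyNormalized(p) {
			out = append(out, p)
		}
	}
	return out
}

func main() {
	// Constructed sample paths; the first two come from the report.
	samples := []string{"/swagger/index.html", "/Swagger/index.html", "/SWAGGER/doc.json", "/api/feeds"}
	for _, p := range samples {
		fmt.Printf("%-22s exact=%-5v normalized=%v\n", p, requiresKeyExact(p), requiresKeyNormalized(p))
	}
	fmt.Println("classified differently:", disagreements(samples))
}
```

The same normalized comparison can serve as a regression test for the middleware: every case variation of the protected directory must produce the same API key requirement as the lowercase path.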