Python Social Auth is a social authentication/registration mechanism. Prior to version 5.4.1, due to default case-insensitive collation in…
GitHub_M·CWE-178·Published 2024-04-24
Python Social Auth is a social authentication/registration mechanism. Prior to version 5.4.1, due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match. This issue has been addressed by a fix released in version 5.4.1. An immediate workaround would be to change collation of the affected field.
### Impact

Due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match.

### Patches

This issue has been addressed by https://github.com/python-social-auth/social-app-django/pull/566 and the fix was released in 5.4.1.

### Workarounds

An immediate workaround would be to change collation of the affected field:

```mysql
ALTER TABLE `social_auth_usersocialauth` MODIFY `uid` varchar(255) COLLATE `utf8_bin`;
```

### References

This issue was discovered by folks at https://opencraft.com/.
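
An added illustration, not code from the advisory or from Python Social Auth: the same `uid` lookup run against a case-insensitive and a byte-exact column, plus an application-side exact comparison that rejects the mismatched row. SQLite's `NOCASE` collation stands in for the MySQL/MariaDB default here; the simplified columns, the provider name, the uid values and the helper names are constructed for the example.

```python
import sqlite3

QUERY = ("SELECT user_id, uid FROM social_auth_usersocialauth"
         " WHERE provider = ? AND uid = ?")


def make_db(uid_collation):
    """In-memory table shaped like social_auth_usersocialauth (simplified).

    "NOCASE" stands in for the MySQL/MariaDB case-insensitive default,
    "BINARY" for a byte-exact collation such as utf8_bin.
    """
    if uid_collation not in ("NOCASE", "BINARY"):
        raise ValueError("unsupported collation")
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE social_auth_usersocialauth ("
        " user_id INTEGER NOT NULL,"
        " provider VARCHAR(32) NOT NULL,"
        f" uid VARCHAR(255) COLLATE {uid_collation} NOT NULL,"
        " UNIQUE (provider, uid))"
    )
    # Constructed sample row: local user 1 is linked to provider uid "a1B2c3".
    db.execute("INSERT INTO social_auth_usersocialauth"
               " VALUES (1, 'example-idp', 'a1B2c3')")
    return db


def lookup(db, provider, uid):
    """Plain equality lookup: the match depends on the column collation."""
    row = db.execute(QUERY, (provider, uid)).fetchone()
    return row[0] if row else None


def lookup_exact(db, provider, uid):
    """Accept a row only when the stored uid is identical to the one asked for."""
    for user_id, stored_uid in db.execute(QUERY, (provider, uid)):
        if stored_uid == uid:
            return user_id
    return None


if __name__ == "__main__":
    for collation in ("NOCASE", "BINARY"):
        db = make_db(collation)
        # "A1b2C3" is a different provider account than the stored "a1B2c3".
        print(collation, lookup(db, "example-idp", "A1b2C3"),
              lookup_exact(db, "example-idp", "A1b2C3"))
```
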
| CVSS version | Type | Source | Base score | Exploitability score | Impact score | Vector |
|---|---|---|---|---|---|---|
| 3.1 | Primary | cve.org | 4.9 | — | — | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N |
| 3.1 | Secondary | NVD | 4.9 | 1.8 | 2.7 | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N |
| 3.1 | Secondary | GHSA | 4.9 | — | — | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N |