CVE-2024-29901 - Vulnerability Details - OpenCVE

The AuthKit library for Next.js provides helpers for authentication and session management using WorkOS & AuthKit with Next.js. A user can reuse an expired session by controlling the `x-workos-session` header. The vulnerability is patched in v0.4.2.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Workos	Authkit

Configuration 1 [-]

cpe:2.3:a:workos:authkit:*:*:*:*:*:node.js:*:*

No data.

References

Link	Providers
https://github.com/workos/authkit-nextjs/commit/6c3f4f3179d66cbb15de3962792083ff3b244a01
https://github.com/workos/authkit-nextjs/releases/tag/v0.4.2
https://github.com/workos/authkit-nextjs/security/advisories/GHSA-35w3-6qhc-474v

History

Wed, 07 May 2025 17:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Workos Workos authkit
CPEs		cpe:2.3:a:workos:authkit::::::node.js::*
Vendors & Products		Workos Workos authkit

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-03-29T15:23:02.184Z

Updated: 2024-08-02T01:17:58.024Z

Reserved: 2024-03-21T15:12:09.000Z

Link: CVE-2024-29901

Vulnrichment

Updated: 2024-08-02T01:17:58.024Z

NVD

Status : Analyzed

Published: 2024-03-29T16:15:08.337

Modified: 2025-05-07T17:05:40.670

Link: CVE-2024-29901

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-29901", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-03-21T15:12:09.000Z", "datePublished": "2024-03-29T15:23:02.184Z", "dateUpdated": "2024-08-02T01:17:58.024Z"}, "containers": {"cna": {"title": "@workos-inc/authkit-nextjs session replay vulnerability", "problemTypes": [{"descriptions": [{"cweId": "CWE-294", "lang": "en", "description": "CWE-294: Authentication Bypass by Capture-replay", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/workos/authkit-nextjs/security/advisories/GHSA-35w3-6qhc-474v", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/workos/authkit-nextjs/security/advisories/GHSA-35w3-6qhc-474v"}, {"name": "https://github.com/workos/authkit-nextjs/commit/6c3f4f3179d66cbb15de3962792083ff3b244a01", "tags": ["x_refsource_MISC"], "url": "https://github.com/workos/authkit-nextjs/commit/6c3f4f3179d66cbb15de3962792083ff3b244a01"}, {"name": "https://github.com/workos/authkit-nextjs/releases/tag/v0.4.2", "tags": ["x_refsource_MISC"], "url": "https://github.com/workos/authkit-nextjs/releases/tag/v0.4.2"}], "affected": [{"vendor": "workos", "product": "authkit-nextjs", "versions": [{"version": "< 0.4.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-03-29T15:23:02.184Z"}, "descriptions": [{"lang": "en", "value": "The AuthKit library for Next.js provides helpers for authentication and session management using WorkOS & AuthKit with Next.js.\nA user can reuse an expired session by controlling the `x-workos-session` header. The vulnerability is patched in v0.4.2."}], "source": {"advisory": "GHSA-35w3-6qhc-474v", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-08T18:05:37.365811Z", "id": "CVE-2024-29901", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-08T20:06:40.754Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:17:58.024Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/workos/authkit-nextjs/security/advisories/GHSA-35w3-6qhc-474v", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/workos/authkit-nextjs/security/advisories/GHSA-35w3-6qhc-474v"}, {"name": "https://github.com/workos/authkit-nextjs/commit/6c3f4f3179d66cbb15de3962792083ff3b244a01", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/workos/authkit-nextjs/commit/6c3f4f3179d66cbb15de3962792083ff3b244a01"}, {"name": "https://github.com/workos/authkit-nextjs/releases/tag/v0.4.2", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/workos/authkit-nextjs/releases/tag/v0.4.2"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/workos/authkit-nextjs/security/advisories/GHSA-35w3-6qhc-474v", "name": "https://github.com/workos/authkit-nextjs/security/advisories/GHSA-35w3-6qhc-474v", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/workos/authkit-nextjs/commit/6c3f4f3179d66cbb15de3962792083ff3b244a01", "name": "https://github.com/workos/authkit-nextjs/commit/6c3f4f3179d66cbb15de3962792083ff3b244a01", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/workos/authkit-nextjs/releases/tag/v0.4.2", "name": "https://github.com/workos/authkit-nextjs/releases/tag/v0.4.2", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:17:58.024Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-29901", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-08T18:05:37.365811Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-08T20:06:37.825Z"}}], "cna": {"title": "@workos-inc/authkit-nextjs session replay vulnerability", "source": {"advisory": "GHSA-35w3-6qhc-474v", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "workos", "product": "authkit-nextjs", "versions": [{"status": "affected", "version": "< 0.4.2"}]}], "references": [{"url": "https://github.com/workos/authkit-nextjs/security/advisories/GHSA-35w3-6qhc-474v", "name": "https://github.com/workos/authkit-nextjs/security/advisories/GHSA-35w3-6qhc-474v", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/workos/authkit-nextjs/commit/6c3f4f3179d66cbb15de3962792083ff3b244a01", "name": "https://github.com/workos/authkit-nextjs/commit/6c3f4f3179d66cbb15de3962792083ff3b244a01", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/workos/authkit-nextjs/releases/tag/v0.4.2", "name": "https://github.com/workos/authkit-nextjs/releases/tag/v0.4.2", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "The AuthKit library for Next.js provides helpers for authentication and session management using WorkOS & AuthKit with Next.js.\nA user can reuse an expired session by controlling the `x-workos-session` header. The vulnerability is patched in v0.4.2."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-294", "description": "CWE-294: Authentication Bypass by Capture-replay"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-03-29T15:23:02.184Z"}}}, "cveMetadata": {"cveId": "CVE-2024-29901", "state": "PUBLISHED", "dateUpdated": "2024-08-02T01:17:58.024Z", "dateReserved": "2024-03-21T15:12:09.000Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-03-29T15:23:02.184Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:workos:authkit:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "836E3139-113E-4429-A9D2-9A0F9BF9CA76", "versionEndExcluding": "0.4.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The AuthKit library for Next.js provides helpers for authentication and session management using WorkOS & AuthKit with Next.js.\nA user can reuse an expired session by controlling the `x-workos-session` header. The vulnerability is patched in v0.4.2."}, {"lang": "es", "value": "La librer\u00eda AuthKit para Next.js proporciona ayudas para la autenticaci\u00f3n y la gesti\u00f3n de sesiones utilizando WorkOS y AuthKit con Next.js. Un usuario puede reutilizar una sesi\u00f3n caducada controlando el encabezado `x-workos-session`. La vulnerabilidad est\u00e1 parcheada en v0.4.2."}], "id": "CVE-2024-29901", "lastModified": "2025-05-07T17:05:40.670", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 2.5, "source": "[email protected]", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "[email protected]", "type": "Primary"}]}, "published": "2024-03-29T16:15:08.337", "references": [{"source": "[email protected]", "tags": ["Patch"], "url": "https://github.com/workos/authkit-nextjs/commit/6c3f4f3179d66cbb15de3962792083ff3b244a01"}, {"source": "[email protected]", "tags": ["Release Notes"], "url": "https://github.com/workos/authkit-nextjs/releases/tag/v0.4.2"}, {"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "https://github.com/workos/authkit-nextjs/security/advisories/GHSA-35w3-6qhc-474v"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/workos/authkit-nextjs/commit/6c3f4f3179d66cbb15de3962792083ff3b244a01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://github.com/workos/authkit-nextjs/releases/tag/v0.4.2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://github.com/workos/authkit-nextjs/security/advisories/GHSA-35w3-6qhc-474v"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-294"}], "source": "[email protected]", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-294"}], "source": "[email protected]", "type": "Primary"}]}