Opened 88 minutes ago
Last modified 51 seconds ago
#37101 new Bug
Vary header cache key collision from missing delimiter
| Reported by: | Jake Howard | Owned by: | |
|---|---|---|---|
| Component: | Core (Cache system) | Version: | 6.0 |
| Severity: | Normal | Keywords: | |
| Cc: | | Triage Stage: | Accepted |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
When a cached view varies on multiple headers, the values of those headers are concatenated together in the cache key. There is no delimiter, meaning the cache keys could overlap:
```
X-Region: US
X-Tenant: victim-corp

X-Region: U
X-Tenant: Svictim-corp
```
The above 2 examples would result in the same cache key, despite being different values. Changes to the cache key should be made to ensure values in this way don't collide.
This was previously reported to the Security Team by GeonHa. However, because it requires in-depth knowledge of the system, a lack of user validation and similar values, it is not considered a vulnerability.
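
The collision described above, reproduced with the ticket's two header sets. This is an added example, not Django's code and not the fix adopted for this ticket. It models the key as a SHA-256 digest over the header values (an assumption; the function names and the length-prefix framing are hypothetical) and goes slightly beyond the ticket by showing that a fixed separator still collides when a value contains that separator.

```python
import hashlib

# Constructed requests using the header values from the ticket.
VARY_ON = ["X-Region", "X-Tenant"]
REQ_A = {"X-Region": "US", "X-Tenant": "victim-corp"}
REQ_B = {"X-Region": "U", "X-Tenant": "Svictim-corp"}


def _digest(chunks):
    ctx = hashlib.sha256()
    for chunk in chunks:
        ctx.update(chunk)
    return ctx.hexdigest()


def key_concatenated(headers, vary_on=VARY_ON):
    """Reported behaviour (modelled): present values hashed back to back."""
    return _digest(headers[n].encode() for n in vary_on if n in headers)


def key_joined(headers, vary_on=VARY_ON, sep=b"|"):
    """Fixed separator: helps, but fails if a value contains the separator."""
    return _digest([sep.join(headers.get(n, "").encode() for n in vary_on)])


def key_length_prefixed(headers, vary_on=VARY_ON):
    """Each value framed by its byte length; absent differs from empty."""
    chunks = []
    for name in vary_on:
        if name not in headers:
            chunks.append(b"-;")  # marker for a header that was not sent
        else:
            raw = headers[name].encode()
            chunks.append(b"%d:%s;" % (len(raw), raw))
    return _digest(chunks)


if __name__ == "__main__":
    for fn in (key_concatenated, key_joined, key_length_prefixed):
        same = fn(REQ_A) == fn(REQ_B)
        print(f"{fn.__name__:20} ticket pair collides: {same}")
    # Constructed pair where the separator itself appears in a value.
    p = {"X-Region": "a|b", "X-Tenant": "c"}
    q = {"X-Region": "a", "X-Tenant": "b|c"}
    print("key_joined collides on '|' in value:", key_joined(p) == key_joined(q))
    print("length-prefixed collides:", key_length_prefixed(p) == key_length_prefixed(q))
```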