CVE-2023-0100: Improper Input Validation In Eclipse BIRT

March 15, 2023 (updated March 16, 2023)

In Eclipse BIRT, starting from version 2.6.2, the default configuration allowed to retrieve a report from the same host using an absolute HTTP path for the report parameter (e.g. __report=http://xyz.com/report.rptdesign). If the host indicated in the __report parameter matched the HTTP Host header value, the report would be retrieved. However, the Host header can be tampered with on some configurations where no virtual hosts are put in place (e.g. in the default configuration of Apache Tomcat) or when the default host points to the BIRT server. This vulnerability was patched on Eclipse BIRT 4.13.

References

bugs.eclipse.org/bugs/show_bug.cgi?id=580391
github.com/advisories/GHSA-4grc-q4fj-45p8
github.com/eclipse/birt/pull/1165
nvd.nist.gov/vuln/detail/CVE-2023-0100

Detect and mitigate CVE-2023-0100 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →