Description
Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated /private/sso/check-domain endpoint that returns internal org_id and provider_id values. Attackers can enumerate email domains to build mappings of domains to organization UUIDs and SSO provider identifiers, enabling reconnaissance against Capgo tenants.
Problem types
Exposure of Sensitive Information to an Unauthorized Actor
Product status
Any version before 12.128.2
12.128.2 (semver)
Credits
offset
References
github.com/.../capgo/security/advisories/GHSA-c5jf-5wxg-mgrq
github.com/.../capgo/security/advisories/GHSA-c5jf-5wxg-mgrq (GitHub Security Advisory (GHSA-c5jf-5wxg-mgrq))
www.vulncheck.com/...authenticated-sso-check-domain-endpoint (VulnCheck Advisory: Capgo - Information Disclosure via Unauthenticated SSO check-domain Endpoint)