CVE-2023-51663

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Dec 29, 2023
Updated: Jan 5, 2024
CWE ID 289

Summary

CVE-2023-51663 is a vulnerability affecting Hail, an open-source data analysis tool used for working with genomic data. The issue lies in Hail's reliance on OpenID Connect (OIDC) email addresses for domain verification in user accounts. Since users can modify their email addresses, they could potentially create accounts in clusters belonging to organizations they shouldn't have access to. For instance, a user could create a Microsoft or Google account and subsequently change the email to `[email protected]`. This account would then be able to create Hail Batch accounts within clusters with the domain `example.org`. Although the attacker cannot access private data or impersonate users, they can run jobs if Hail Batch billing projects are enabled and potentially create Azure Tenants if they possess Azure Active Directory Administrator access.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future

Note: This is just a basic overview providing quick insights into CVE-2023-51663 information. Gain full access to comprehensive CVE data, third party vulnerabilities, compromised credentials and more with Recorded Future
  • Gain complete coverage of your cyber, third party, and physical attack surface
  • Proactively mitigate threats before they turn into costly attacks
  • Make fast, effective, data-driven decisions

Book your demo

Sign in

Back to Vulnerability Database