GHSA-258c-965c-p3hc - Daptin's Session Management Vulnerability Leads to Insufficient Session Expirati

📡 GitHub-Advisory · 2026-05-07

GHSA-258c-965c-p3hc MEDIUM go/github.com/daptin/daptin

CVE:

Summary

A session invalidation vulnerability exists in daptin's authentication system where JSON Web Tokens (JWTs) remain fully valid after a user changes their password. The JWT validation middleware (CheckJWT) only verifies token signature, expiry, issuer, and signing algorithm — it does not check whether the token was issued before the most recent password change. The password update code path hashes the new password but never calls InvalidateAuthCacheForEmail() and never revokes or blacklists existing tokens. This effectively negates password rotation as an incident response control: an attacker holding a previously issued token keeps access until that token expires on its own.

Vulnerable Files

  • daptin/server/jwt/jwtmiddleware.go — JWT validation without session versioning
  • daptin/server/resource/resource_update.go — password update without session invalidation
  • daptin/server/actions/action_generate_jwt_token.go — JWT claims lack password version
  • daptin/server/auth/auth.go — InvalidateAuthCacheForEmail exists but is not called on update
  • daptin/server/resource/columns.go — password change action wiring

Vulnerable Code Snippet

1. JWT validation checks nothing beyond signature/expiry/issuer (jwtmiddleware.go:232-260):

// Now parse the token
parsedToken, err := jwt.Parse(token, m.Options.ValidationKeyGetter)

// Check if there was an error in parsing...
if err != nil {
    m.logf("Error parsing token: %v", err)
    m.Options.ErrorHandler(w, r, err.Error())
    return nil, fmt.Errorf("Error parsing token: %v", err)
}

if parsedToken.Claims.(jwt.MapClaims)["iss"] != m.Options.Issuer {
    return nil, fmt.Errorf("Invalid issuer: %v", parsedToken.Header["iss"])
}

if m.Options.SigningMethod != nil && m.Options.SigningMethod.Alg() != parsedToken.Header["alg"] {
    // ... algorithm check
}

// Check if the parsed token is valid...
if !parsedToken.Valid {
    m.logf("Token is invalid")
    m.Options.ErrorHandler(w, r, "The token isn't valid")
    return nil, errors.New("Token is invalid")
}

**No check exists fo
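The mitigation the summary implies, written out as an added example (this is not daptin's code): a small HS256 verifier built on the Go standard library that repeats the middleware's signature, algorithm, issuer and expiry checks and adds the one it lacks, a `pwd_ver` claim that must match the user's current password version. The claim name, the `UserStore` type, `RotatePassword` and the sample user are constructed for this example; in a real system the version (or a "password changed at" timestamp compared against `iat`) would live on the user record and be bumped by the same code path that hashes the new password.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Claims carried in the token. pwd_ver (constructed claim name) is a counter
// bumped on every password change so stale tokens can be rejected.
type Claims struct {
	Sub    string `json:"sub"`
	Iss    string `json:"iss"`
	Iat    int64  `json:"iat"`
	Exp    int64  `json:"exp"`
	PwdVer int    `json:"pwd_ver"`
}

// UserStore stands in for the user table: email -> current password version.
type UserStore map[string]int

// RotatePassword is the hook the advisory says is missing: the password update
// path bumps the version, which invalidates every outstanding token at once.
func (s UserStore) RotatePassword(email string) {
	s[email]++
}

func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// IssueToken mints an HS256 JWT embedding the user's current password version.
func IssueToken(secret []byte, store UserStore, email, issuer string, now time.Time, ttl time.Duration) (string, error) {
	ver, ok := store[email]
	if !ok {
		return "", errors.New("unknown user")
	}
	header, _ := json.Marshal(map[string]string{"alg": "HS256", "typ": "JWT"})
	payload, err := json.Marshal(Claims{Sub: email, Iss: issuer, Iat: now.Unix(), Exp: now.Add(ttl).Unix(), PwdVer: ver})
	if err != nil {
		return "", err
	}
	signingInput := b64(header) + "." + b64(payload)
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(signingInput))
	return signingInput + "." + b64(mac.Sum(nil)), nil
}

// VerifyToken performs the checks the original middleware does (alg, signature,
// issuer, expiry) plus the missing one: pwd_ver must equal the stored version.
func VerifyToken(secret []byte, store UserStore, token, issuer string, now time.Time) (*Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed token")
	}
	// Pin the algorithm before trusting anything else in the header.
	hdrRaw, err := base64.RawURLEncoding.DecodeString(parts[0])
	var hdr struct {
		Alg string `json:"alg"`
	}
	if err != nil || json.Unmarshal(hdrRaw, &hdr) != nil || hdr.Alg != "HS256" {
		return nil, errors.New("unexpected signing algorithm")
	}
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(parts[0] + "." + parts[1]))
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil || !hmac.Equal(sig, mac.Sum(nil)) {
		return nil, errors.New("bad signature")
	}
	payload, err := base64.RawURLEncoding.DecodeString(parts[1])
	var c Claims
	if err != nil || json.Unmarshal(payload, &c) != nil {
		return nil, errors.New("malformed claims")
	}
	if c.Iss != issuer {
		return nil, fmt.Errorf("invalid issuer: %q", c.Iss)
	}
	if now.Unix() >= c.Exp {
		return nil, errors.New("token expired")
	}
	// The check the advisory says is absent: reject tokens minted under an older password.
	cur, ok := store[c.Sub]
	if !ok || c.PwdVer != cur {
		return nil, errors.New("token predates latest password change")
	}
	return &c, nil
}

func main() {
	secret, store := []byte("constructed-demo-secret"), UserStore{"alice@example.com": 1}
	now := time.Unix(1_700_000_000, 0)
	tok, _ := IssueToken(secret, store, "alice@example.com", "daptin-demo", now, time.Hour)
	_, err := VerifyToken(secret, store, tok, "daptin-demo", now.Add(time.Minute))
	fmt.Println("before rotation:", err)
	store.RotatePassword("alice@example.com")
	_, err = VerifyToken(secret, store, tok, "daptin-demo", now.Add(time.Minute))
	fmt.Println("after rotation:", err)
}
```

Because the version lives in the signed claims, the verifier needs one lookup per request rather than a revocation list, and a compromised token dies the moment the user (or an incident responder) rotates the password instead of at `exp`.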
