CVE-2024-1143: 
Java vulnerability analysis and mitigation

CVE-2024-1143 affects Central Dogma versions prior to 0.64.1, exposing a Cross-Site Scripting (XSS) vulnerability that targets the RelayState of Security Assertion Markup Language (SAML). The vulnerability was discovered and disclosed on February 2, 2024, impacting the authentication mechanisms of the Central Dogma configuration repository service (Vendor Advisory).

The vulnerability is classified as a Cross-Site Scripting (XSS) attack that specifically targets the SAML RelayState implementation in Central Dogma. It has received a Critical severity rating with a CVSS v3.1 base score of 9.3, with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N. This indicates that the vulnerability requires network access and user interaction, but no privileges, and can result in high impacts to confidentiality and integrity (NVD, Vendor Advisory).

The exploitation of this vulnerability can lead to serious security breaches, primarily through the leakage of user sessions and subsequent authentication bypass. This allows malicious actors to gain unauthorized access to sensitive resources within the Central Dogma system (Vendor Advisory).

The vulnerability has been patched in Central Dogma version 0.64.1. Users are strongly advised to upgrade to this version or later as no viable workarounds are currently available (Vendor Advisory).