AtHeartEngineer/prysm
1
1
Fork 0
mirror of https://github.com/OffchainLabs/prysm.git synced 2026-04-19 03:01:06 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
764f7429f2a45618e6cd0739fd74007ce22cef68
prysm/validator/rpc
History
Maxim Evtush 99780d61d7 Fix authentication bypass for direct /v2/validator/* endpoints (#16226) 
This PR fixes a security vulnerability where authenticated endpoints
could be accessed without authorization by using direct
`/v2/validator/*` paths instead of `/api/v2/validator/*`.

The `AuthTokenHandler` middleware only checked for authentication on
requests containing `/api/v2/validator/` or `/eth/v1` prefixes, but the
same handlers are also registered for direct `/v2/validator/*` routes.
This allowed attackers to bypass authentication by simply removing the
`/api` prefix from the URL.

---------

Co-authored-by: james-prysm <90280386+james-prysm@users.noreply.github.com>
2026-02-12 23:17:32 +01:00
..
auth_token_test.go
Add golang.org/x/tools modernize static analyzer and fix violations (#15946)
2025-11-14 01:27:22 +00:00
auth_token.go
upgrade v6 to v7 (#15989)
2025-11-06 16:16:23 +00:00
beacon_test.go
upgrade v6 to v7 (#15989)
2025-11-06 16:16:23 +00:00
beacon.go
upgrade v6 to v7 (#15989)
2025-11-06 16:16:23 +00:00
BUILD.bazel
Vendored github.com/tyler-smith/go-bip39 (#16015)
2025-11-14 17:58:44 +00:00
handler_wallet_test.go
Add golang.org/x/tools modernize static analyzer and fix violations (#15946)
2025-11-14 01:27:22 +00:00
handler_wallet.go
upgrade v6 to v7 (#15989)
2025-11-06 16:16:23 +00:00
handlers_accounts_test.go
upgrade v6 to v7 (#15989)
2025-11-06 16:16:23 +00:00
handlers_accounts.go
Add golang.org/x/tools modernize static analyzer and fix violations (#15946)
2025-11-14 01:27:22 +00:00
handlers_auth_test.go
upgrade v6 to v7 (#15989)
2025-11-06 16:16:23 +00:00
handlers_auth.go
upgrade v6 to v7 (#15989)
2025-11-06 16:16:23 +00:00
handlers_beacon_test.go
upgrade v6 to v7 (#15989)
2025-11-06 16:16:23 +00:00
handlers_beacon.go
upgrade v6 to v7 (#15989)
2025-11-06 16:16:23 +00:00
handlers_health_test.go
Add golang.org/x/tools modernize static analyzer and fix violations (#15946)
2025-11-14 01:27:22 +00:00
handlers_health.go
upgrade v6 to v7 (#15989)
2025-11-06 16:16:23 +00:00
handlers_keymanager_test.go
Add golang.org/x/tools modernize static analyzer and fix violations (#15946)
2025-11-14 01:27:22 +00:00
handlers_keymanager.go
Add golang.org/x/tools modernize static analyzer and fix violations (#15946)
2025-11-14 01:27:22 +00:00
handlers_slashing_test.go
Add golang.org/x/tools modernize static analyzer and fix violations (#15946)
2025-11-14 01:27:22 +00:00
handlers_slashing.go
upgrade v6 to v7 (#15989)
2025-11-06 16:16:23 +00:00
intercepter_test.go
Fix authentication bypass for direct /v2/validator/* endpoints (#16226)
2026-02-12 23:17:32 +01:00
intercepter.go
Fix authentication bypass for direct /v2/validator/* endpoints (#16226)
2026-02-12 23:17:32 +01:00
log.go
Switch logging from using prefixes to the new package path format (#16059)
2026-02-12 23:17:31 +01:00
server_test.go
upgrade v6 to v7 (#15989)
2025-11-06 16:16:23 +00:00
server.go
upgrade v6 to v7 (#15989)
2025-11-06 16:16:23 +00:00
structs.go
upgrade v6 to v7 (#15989)
2025-11-06 16:16:23 +00:00