Summary
Hail relies on OIDC email claims to verify the validity of a user's domain.
Workarounds
None.
References
- https://trufflesecurity.com/blog/google-oauth-is-broken-sort-of/
- https://www.descope.com/blog/post/noauth
- https://developers.google.com/identity/openid-connect/openid-connect#an-id-tokens-payload
- https://learn.microsoft.com/en-us/entra/identity-platform/access-token-claims-reference#payload-claims
[1] Hail Batch must separately stop using emails and start using the OAuth2 sub in Google. This is a known deficiency. In particular, if an email is re-used by the organization for a new user, the new user could access the old user's Hail Batch account.
Impact
All Hail Batch clusters are affected. An attacker is able to:
- Create one or more accounts with Hail Batch without corresponding real accounts in the organization.
For example, a user could create a Microsoft or Google account and then change their email to "[email protected]". This Microsoft or Google account can then be used to create a Hail Batch account in Hail Batch clusters whose organization domain is "example.org".
In Google, this attack is partially mitigated because Google requires users to verify ownership of their Google account. However, a valid user is able to create multiple distinct Hail Batch accounts by creating multiple distinct Google accounts using email addresses of the form "[email protected]".
In Microsoft, this attack requires Azure AD Administrator access to an Azure AD Tenant. The Azure AD Administrator is permitted to change the email address of an account to any other email address without verification. An attacker can create an Azure Tenant for free.
- The attacker does not have access to any private data (because the new service principals or service accounts are not granted any privileges).
- If trial Hail Batch billing projects are enabled, the attacker does have the ability to run jobs and thus spend money. An attacker can create as many accounts as Microsoft or Google permit.
- The attacker cannot impersonate another user because, in Azure, we use the
subfrom the OAuth2 response, and, in Google, Google does an email verification.
CVE-2023-51663 has a CVSS score of 5.3 (Medium). The vector is network-reachable, no privileges required, and no user interaction. A CVSS score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether this affects your application depends on whether the vulnerable code is present and reachable in your environment. A fixed version is available (0.2.127); upgrading removes the vulnerable code path.
Affected versions
Security releases
Kodem intelligence
Severity tells you how bad this could be in the worst case. It does not tell you whether you are exposed. Exploitability and impact are functions of runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A vulnerable package can sit in your dependency tree and never run.
Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter. Kodem's runtime-powered SCA identifies whether this CVE is reachable in your applications.
Already deployed Kodem?
See it in your environmentNew to Kodem? Get a demo →Remediation advice
- Apply this patch to prevent third-party attackers from creating accounts.
- Audit your users list https://auth.example.org/users for user accounts whose login ids are not valid login ids with your identity provider. Delete such users.
A forthcoming change will prevent users from creating multiple accounts using Google's + email redirection.
Frequently Asked Questions
- What is CVE-2023-51663? CVE-2023-51663 is a medium-severity security vulnerability in hail (pip), affecting versions < 0.2.127. It is fixed in 0.2.127.
- How severe is CVE-2023-51663? CVE-2023-51663 has a CVSS score of 5.3 (Medium). This score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether it represents real risk in your environment depends on whether the vulnerable code is present and reachable.
- Which versions of hail are affected by CVE-2023-51663? hail (pip) versions < 0.2.127 is affected.
- Is there a fix for CVE-2023-51663? Yes. CVE-2023-51663 is fixed in 0.2.127. Upgrade to this version or later.
- Is CVE-2023-51663 exploitable, and should I be worried? Whether CVE-2023-51663 is exploitable in your environment depends on whether the vulnerable code is present and reachable. A CVSS score is a worst-case rating; it does not account for your specific deployment, configuration, or usage patterns. Kodem, an Intelligent Application Security platform, uses runtime intelligence to show which vulnerabilities actually execute in production, so you can focus on the ones that represent real risk. Get a demo
- What actually determines whether CVE-2023-51663 is exploitable, and how bad it is? Exploitability and impact are not fixed properties of a CVE. They depend on runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A high CVSS score on a dependency that never runs is not the same as real risk. Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter.
- How do I fix CVE-2023-51663? Upgrade
hailto 0.2.127 or later.