Improper Authorization leads to privilege escalation in limesurvey/limesurvey

Valid

Reported on

Jun 15th 2023


Description

The application performs user authorization improperly: a user holding only the user-management role can modify their own permissions or those of other users.

Proof of Concept

Step 1: The highest-level administrator, or an administrator with permission to create roles, creates a role named 'super admin' with full privileges.


Step 2: A user who only has the authority to manage users opens the browser Inspector window on their own user page and removes the 'disable' class, which re-enables the role selector that the UI had greyed out.


Step 3: The user selects the 'super admin' role and clicks save. The server accepts the submission, and the user's permissions have now been changed.


Impact

The user with the user management role can change the role of anyone, including themselves.
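The root cause is that the role selector is disabled only in the browser, while the server accepts whatever role value the form submits. The following is an added illustration written for this report, not LimeSurvey's code and not its actual fix (commit a2eece is not reproduced here). It assumes a simplified model: roles are named permission bundles, the role and permission names are constructed, and `assign_role_vulnerable` / `assign_role_fixed` are hypothetical server-side handlers. The weak handler checks only that the actor may manage users; the hardened one also refuses self-modification and refuses to grant any permission the actor does not hold, so removing a CSS class in the Inspector no longer matters.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Role:
    name: str
    permissions: frozenset


@dataclass
class User:
    username: str
    role: Role
    is_superadmin: bool = False  # assumed model: the top-level administrator

    @property
    def permissions(self) -> frozenset:
        return self.role.permissions


class AuthorizationError(Exception):
    """Raised when the acting user is not allowed to perform the change."""


# Constructed sample roles; permission strings are invented for this example.
ROLES = {
    "viewer": Role("viewer", frozenset({"surveys:read"})),
    "user manager": Role(
        "user manager", frozenset({"surveys:read", "users:read", "users:update"})
    ),
    "super admin": Role(
        "super admin",
        frozenset({"surveys:read", "surveys:write", "users:read",
                   "users:update", "roles:create", "settings:write"}),
    ),
}


def assign_role_vulnerable(actor: User, target: User, role_name: str) -> str:
    """Weak handler (hypothetical): checks only that the actor may manage users.

    It relies on the browser having disabled the role picker. A submitted form
    field arrives regardless of any client-side 'disabled' state, so the
    check alone does not stop a user manager from promoting themselves.
    """
    if "users:update" not in actor.permissions:
        raise AuthorizationError("actor lacks users:update")
    target.role = ROLES[role_name]
    return target.role.name


def assign_role_fixed(actor: User, target: User, role_name: str) -> str:
    """Hardened handler (hypothetical): every rule is enforced on the server."""
    if "users:update" not in actor.permissions:
        raise AuthorizationError("actor lacks users:update")
    role = ROLES.get(role_name)
    if role is None:
        raise ValueError(f"unknown role {role_name!r}")
    # Rule 1: nobody below superadmin may change their own role.
    if actor.username == target.username and not actor.is_superadmin:
        raise AuthorizationError("users may not change their own role")
    # Rule 2: a non-superadmin may only grant permissions they hold themselves,
    # so the assigned role's permissions must be a subset of the actor's.
    if not actor.is_superadmin and not role.permissions <= actor.permissions:
        missing = sorted(role.permissions - actor.permissions)
        raise AuthorizationError(f"cannot grant permissions not held: {missing}")
    target.role = role
    return role.name


def attempt(handler, actor: User, target: User, role_name: str) -> tuple:
    """Run a handler and report ('ok', new role) or ('denied', reason)."""
    try:
        return ("ok", handler(actor, target, role_name))
    except AuthorizationError as exc:
        return ("denied", str(exc))


if __name__ == "__main__":
    # The same forged submission ({"user": "manager", "role": "super admin"})
    # against each handler.
    manager = User("manager", ROLES["user manager"])
    print(attempt(assign_role_vulnerable, manager, manager, "super admin"))
    manager = User("manager", ROLES["user manager"])
    other = User("other", ROLES["viewer"])
    print(attempt(assign_role_fixed, manager, manager, "super admin"))
    print(attempt(assign_role_fixed, manager, other, "super admin"))
    print(attempt(assign_role_fixed, manager, other, "viewer"))
```

The subset rule in `assign_role_fixed` is one reasonable policy, not the only one; the point that generalises is that the decision about which roles a given actor may assign has to be computed from the actor's server-side identity, never from which controls the page happened to render as disabled.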

We are processing your report and will contact the limesurvey team within 24 hours. 3 months ago
We have contacted a member of the limesurvey team and are waiting to hear back 3 months ago
Carsten Schmitz validated this vulnerability 3 months ago
aqngoc has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Carsten Schmitz
3 months ago

Maintainer


Duplicate of https://bugs.limesurvey.org/view.php?id=18356

aqngoc
3 months ago

Researcher


I can't view it; access denied.

Carsten Schmitz marked this as fixed in 6.1.6 with commit a2eece 3 months ago
The fix bounty has been dropped
This vulnerability will not receive a CVE
This vulnerability is scheduled to go public on Jul 3rd 2023
aqngoc
3 months ago

Researcher


Can it be assigned a CVE?

Carsten Schmitz published this vulnerability 3 months ago