Users can add themselves to arbitrary organizations in cloudexplorer-dev/cloudexplorer-lite

Valid

Reported on

May 13th 2023


Proof of Concept

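1. user1 belongs to the organization team1 and does not belong to team2.

2. user1 edits their own profile.

3. In the UI, user1 can only see team1 when changing their organization.

4. However, we intercept the request with Burp Suite and replace the team1 ID in the request with team2's.

5. We let the request continue and find that it succeeds.

6. The cause is that although the UI ensures team2 is not visible, the server does not check whether user1 is allowed to select team2.

Reproduction video: https://1drv.ms/v/s!Avwg5C1eKVA4girUgKWl9SQX543P?e=N1ZU47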

Impact

Users can add themselves to arbitrary organizations.
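The missing server-side check from step 6, sketched as an added example (not code from the report or from the cloudexplorer-lite project). The `Store` class, the handler names, the `organization_ids` field and the `team1-id`/`team2-id` values are hypothetical, and the rule that a user may only select organizations they already belong to is an assumption taken from what the UI shows in step 3.

```python
from dataclasses import dataclass, field

class Forbidden(Exception):
    """The request names an organization the caller may not select."""

@dataclass
class Store:
    # Hypothetical in-memory store: user id -> set of organization ids.
    memberships: dict = field(default_factory=dict)

    def selectable_orgs(self, user_id):
        # Assumption: the server-side rule matches what the UI lists, i.e. a
        # user may only pick organizations they already belong to.
        return set(self.memberships.get(user_id, ()))

def update_profile_unchecked(store, session_user, body):
    # Behaviour described in the report: ids from the request body are
    # written as-is, so hiding team2 in the UI is the only control.
    store.memberships[session_user] = set(body["organization_ids"])
    return store.memberships[session_user]

def update_profile_checked(store, session_user, body):
    requested = set(body["organization_ids"])
    denied = requested - store.selectable_orgs(session_user)
    if denied:
        # Fail the whole request instead of silently dropping ids, so the
        # tampering attempt surfaces as an error that can be logged.
        raise Forbidden(f"{session_user} may not select {sorted(denied)}")
    store.memberships[session_user] = requested
    return requested

def demo():
    # Constructed data: user1 is in team1 only; the body is the profile
    # request after the team1 id was replaced with the team2 id.
    tampered = {"organization_ids": ["team2-id"]}
    unchecked = update_profile_unchecked(
        Store({"user1": {"team1-id"}}), "user1", tampered)
    store = Store({"user1": {"team1-id"}})
    try:
        update_profile_checked(store, "user1", tampered)
        rejected = False
    except Forbidden:
        rejected = True
    return unchecked, rejected, store.memberships["user1"]

if __name__ == "__main__":
    print(demo())
```

The checked handler derives the allowed set from server-side state for the session user, so the same request that the unchecked handler accepts is rejected and the stored membership is unchanged.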

We are processing your report and will contact the cloudexplorer-dev/cloudexplorer-lite team within 24 hours. 12 days ago
We have contacted a member of the cloudexplorer-dev/cloudexplorer-lite team and are waiting to hear back 10 days ago
10 days ago

Thank you for your feedback. We have confirmed that this vulnerability will be fixed in the next version

Can you give us a CVE number first and we will issue credits to you.

lujiefsi
10 days ago

Researcher


Hi: Maintainer

I do not have the permission to assign a CVE.

@admin from huntr, could you please help Maintainer to obtain a CVE number?

But you can mark this report as valid first.

lujiefsi
10 days ago

Researcher


@Maintainer You can mark this report as valid first.

lujiefsi
10 days ago

Researcher


@Maintainer even if the report is marked as valid, it is still not public.

10 days ago

Okay, thank you for your suggestion!

We have applied for the CVE number.

We have sent a follow up to the cloudexplorer-dev/cloudexplorer-lite team. We will try again in 7 days. 3 days ago
cloudexplorer-dev/cloudexplorer-lite maintainer validated this vulnerability 3 days ago
lujiefsi has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Ben Harvie
3 days ago

Admin


Hi maintainer, if you could please mark this as fixed once the vulnerability has been patched and we can assign a CVE at this point of the process:)

3 days ago

Thank you. We have fixed this vulnerability in v1.1.0 and will release it on May 23rd. After release, we will mark it as fixed.

Pavlos
3 days ago

Admin


Sounds good! For the record, marking a report as fixed doesn't publish it. We will ask you when you would like it published.

Thank you for your contribution!

cloudexplorer-dev/cloudexplorer-lite maintainer marked this as fixed in v1.1.0 with commit d9f55a 3 days ago
The fix bounty has been dropped
This vulnerability has been assigned a CVE
cloudexplorer-dev/cloudexplorer-lite maintainer published this vulnerability 3 days ago