
An authorized attacker can get sensitive information in playbook files when playbook_id is leaked

Moderate
ibuler published GHSA-7mqc-23hr-cr62 Mar 29, 2024

Package

jumpserver

Affected versions

v3.0.0-v3.10.5

Patched versions

v3.10.6

Description

Impact

An authenticated attacker can obtain sensitive information contained in playbook files if they learn the playbook_id of another user's playbook. This breach of confidentiality leads to information disclosure and the exposure of sensitive data.

Details

The vulnerability is an access-control flaw in JumpServer: users with the default role and permissions can read other users' playbook files if they know the specific playbook_id. The steps to reproduce the vulnerability are as follows:

  • Create two users, A and B, both with the system role set to 'User'
  • As user B, on the 'Workbench - Job - Template' page, create a playbook named test containing a main.yml file with any desired data
  • Acquire the playbook ID of user B's playbook. For illustration, let's say the playbook ID is "9e178fbb-47ea-470e-9086-f7f1aa8c3d67"
  • Acting as user A, query using the obtained playbook ID to access and retrieve the contents of user B's playbook file
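The flaw above is the classic insecure-direct-object-reference pattern: the lookup keys on the object id alone, so knowing the id is enough to read the object. The following is an added illustration, not JumpServer's own code, using a minimal in-memory model. It places the unscoped lookup next to a hardened one whose query is bound to the requesting user, and the class and function names (PlaybookStore, lookup_unscoped, lookup_scoped, scenario) and the sample playbook data are assumptions constructed for the example; only the playbook ID is taken from the advisory text.

```python
"""Object-level authorization for playbook lookups (added example, not
JumpServer code). Models the advisory's scenario: user A reads user B's
playbook when the lookup is keyed on playbook_id alone, and is refused
when ownership is part of the query. All names and data are constructed."""
from dataclasses import dataclass, field
from typing import Dict, Optional


class PermissionDenied(Exception):
    """Raised when the requester may not see the requested playbook."""


@dataclass(frozen=True)
class User:
    username: str
    role: str = "User"          # default, non-admin system role as in the advisory


@dataclass
class Playbook:
    playbook_id: str
    owner: str                  # username of the user who created it
    files: Dict[str, str] = field(default_factory=dict)


class PlaybookStore:
    """Hypothetical store standing in for the database table of playbooks."""

    def __init__(self) -> None:
        self._by_id: Dict[str, Playbook] = {}

    def add(self, playbook: Playbook) -> None:
        self._by_id[playbook.playbook_id] = playbook

    # Vulnerable pattern: the id is the only key, so any authenticated
    # caller who knows (or guesses) the id gets the object.
    def lookup_unscoped(self, playbook_id: str) -> Optional[Playbook]:
        return self._by_id.get(playbook_id)

    # Hardened pattern: ownership is part of the lookup itself, so a
    # foreign id resolves to "not found" for the wrong requester.
    def lookup_scoped(self, playbook_id: str, requester: User) -> Playbook:
        playbook = self._by_id.get(playbook_id)
        if playbook is None or playbook.owner != requester.username:
            # Same error for "does not exist" and "not yours", so the
            # response does not confirm that a guessed id is valid.
            raise PermissionDenied(f"playbook {playbook_id} not found")
        return playbook


def read_file_unscoped(store: PlaybookStore, playbook_id: str, filename: str) -> Optional[str]:
    """Endpoint as the advisory describes it: no ownership check at all."""
    playbook = store.lookup_unscoped(playbook_id)
    return playbook.files.get(filename) if playbook else None


def read_file_scoped(store: PlaybookStore, playbook_id: str, filename: str, requester: User) -> Optional[str]:
    """Endpoint with the object-level check; raises for a foreign playbook."""
    playbook = store.lookup_scoped(playbook_id, requester)
    return playbook.files.get(filename)


def scenario() -> Dict[str, bool]:
    """Replays the two-user setup from the advisory against both lookups.

    Returns which lookups leaked user B's main.yml to user A, and whether
    the owner can still read their own file through the scoped path."""
    store = PlaybookStore()
    user_a, user_b = User("A"), User("B")
    playbook_id = "9e178fbb-47ea-470e-9086-f7f1aa8c3d67"   # id quoted in the advisory
    # Constructed sample content; any data would do.
    store.add(Playbook(playbook_id, owner=user_b.username,
                       files={"main.yml": "- hosts: all\n  tasks: []\n"}))

    results: Dict[str, bool] = {}
    # User A only needs the id for the unscoped lookup to succeed.
    results["unscoped_leak"] = read_file_unscoped(store, playbook_id, "main.yml") is not None
    try:
        read_file_scoped(store, playbook_id, "main.yml", user_a)
        results["scoped_leak"] = True
    except PermissionDenied:
        results["scoped_leak"] = False
    results["owner_ok"] = read_file_scoped(store, playbook_id, "main.yml", user_b) is not None
    return results


if __name__ == "__main__":
    print(scenario())   # {'unscoped_leak': True, 'scoped_leak': False, 'owner_ok': True}
```

In an ORM-backed service the scoped lookup is the same idea expressed as a queryset filter on both the id and the owner (or on an explicit permission relation), evaluated before any file content is read; the point is that authorization is part of the query rather than an afterthought on an already-fetched object.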

Patches

Safe versions: >= v3.10.6

Workarounds

It is recommended to upgrade to a safe version.

After the upgrade, user A can no longer access user B's playbook file.

References

Thanks to @ilyazavyalov for reporting this issue.

Severity

Moderate
4.6 / 10

CVSS base metrics

Attack vector
Network
Attack complexity
High
Privileges required
Low
User interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L

CVE ID

CVE-2024-29020

Weaknesses

No CWEs

Credits