Skip to content

Unauthorized viewing by workspace members(CVE-2024-32467)

Moderate
fit2-zhao published GHSA-7499-q88f-mxqp Apr 25, 2024

Package

No package listed

Affected versions

<= v2.10.13-lts

Patched versions

v2.10.14-lts

Description

author

L1NG
383417532@qq.com

Summary

没有空间权限的成员,可以越权查看其他工作空间的成员信息
Members without space permissions can view member information from other workspaces beyond their authority

Detail

/product/user/special/ws/member/list/all接口缺少了权限检查

PoC

1.账号1加入空间1
2.账号2加入空间2
3.账号2点击产品列表出现查看空间2的成员信息数据包时候将空间2的id替换成空间1的id
4.可以查看到空间1的成员信息

  1. Account 1 Joins Space 1
  2. Account 2 Join Space 2
  3. When Account 2 clicks on the product list to view the member information data package of Space 2, replace the ID of Space 2 with the ID of Space 1
  4. You can view the member information of space 1

Severity

Moderate

CVSS overall score

This score calculates overall vulnerability severity from 0 to 10 and is based on the Common Vulnerability Scoring System (CVSS).
/ 10

CVSS v3 base metrics

Attack vector
Network
Attack complexity
Low
Privileges required
High
User interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
Low
Availability
Low

CVSS v3 base metrics

Attack vector: More severe the more the remote (logically and physically) an attacker can be in order to exploit the vulnerability.
Attack complexity: More severe for the least complex attacks.
Privileges required: More severe if no privileges are required.
User interaction: More severe when no user interaction is required.
Scope: More severe when a scope change occurs, e.g. one vulnerable component impacts resources in components beyond its security scope.
Confidentiality: More severe when loss of data confidentiality is highest, measuring the level of data access available to an unauthorized user.
Integrity: More severe when loss of data integrity is the highest, measuring the consequence of data modification possible by an unauthorized user.
Availability: More severe when the loss of impacted component availability is highest.
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L

CVE ID

CVE-2024-32467

Weaknesses

No CWEs

Credits