Impact
In CloudExplorer Lite, isolation between a user's organizations/workspaces is enforced only in the user interface: the server side does not check whether the user is permitted to act on the organization/workspace named in a request. This allows users to add themselves to any organization.
The reproduction steps are as follows:
- User 1 belongs to organization team1 and does not belong to team2.
- User 1 modifies their own profile.
- In the interface, when User 1 modifies their organization, only team1 is visible.
- However, we intercepted the request using Burp Suite and replaced the ID of team1 in the request with the ID of team2.
- We continued execution and found that the request is executed successfully.
- The reason is that although we ensure team2 is not visible in the interface, the server did not check whether User 1 is allowed to choose team2.
Reproduce Video:
https://1drv.ms/v/s!Avwg5C1eKVA4girUgKWl9SQX543P?e=N1ZU47
Affected versions: <= 1.0.2.
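The root cause and its fix, as an added illustration that is not code from CloudExplorer Lite: a profile-update handler that trusts the organization ID sent by the client (the behaviour described in the steps above) next to one that authorizes the ID against the server-side membership table, plus a small log scan a defender could run against access logs from an unpatched instance to find updates to organizations the user never belonged to. The membership table, the log format and the function names are all assumptions made for this example.

```python
import re
from dataclasses import dataclass, field

# Constructed sample data (not from the project): which organizations each user belongs to.
MEMBERSHIPS = {
    "user1": {"team1"},
    "user2": {"team2"},
}


class AuthorizationError(Exception):
    """Raised when a user requests an organization they are not a member of."""


@dataclass
class ProfileStore:
    """Minimal stand-in for the profile table: user id -> currently selected organization."""
    current_org: dict = field(default_factory=dict)


def update_org_vulnerable(store: ProfileStore, user_id: str, org_id: str) -> str:
    """'Before' behaviour: the server trusts whatever organization ID the client sends.

    The UI only lists organizations the user belongs to, but a tampered request
    (the advisory's team1 -> team2 substitution) is accepted without any check.
    """
    store.current_org[user_id] = org_id
    return org_id


def update_org_fixed(store: ProfileStore, user_id: str, org_id: str,
                     memberships=MEMBERSHIPS) -> str:
    """'After' behaviour: authorize the organization on the server before writing.

    The membership lookup is keyed on the authenticated user id (taken from the
    session, never from the request body), so a substituted org id is rejected.
    """
    allowed = memberships.get(user_id, set())
    if org_id not in allowed:
        raise AuthorizationError(f"{user_id} is not a member of {org_id}")
    store.current_org[user_id] = org_id
    return org_id


# Constructed access-log lines in an assumed key=value format, for the detection helper below.
SAMPLE_LOG = """\
user=user1 action=update_profile org=team1 status=200
user=user1 action=update_profile org=team2 status=200
user=user2 action=update_profile org=team2 status=200
user=user2 action=view_profile org=team1 status=200
"""

LOG_RE = re.compile(r"user=(\S+) action=(\S+) org=(\S+) status=(\d+)")


def find_suspicious_org_changes(log_text: str, memberships=MEMBERSHIPS):
    """Retroactive check for an unpatched instance: list successful profile updates
    whose organization was not one the user was a member of."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        user, action, org, status = m.groups()
        if action != "update_profile" or status != "200":
            continue
        if org not in memberships.get(user, set()):
            hits.append((user, org))
    return hits


if __name__ == "__main__":
    store = ProfileStore()
    print("vulnerable handler accepted:", update_org_vulnerable(store, "user1", "team2"))
    try:
        update_org_fixed(store, "user1", "team2")
    except AuthorizationError as exc:
        print("fixed handler rejected:", exc)
    print("suspicious log entries:", find_suspicious_org_changes(SAMPLE_LOG))
```

The point of the fixed handler is that the authorization decision uses the authenticated identity and server-side data only; hiding options in the interface is a usability measure, not a security control.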
Patches
The vulnerability has been fixed in v1.1.0.
Workarounds
It is recommended to upgrade to v1.1.0.
References
If you have any questions or comments about this advisory:
Open an issue in https://github.com/CloudExplorer-Dev/CloudExplorer-Lite
Email us at xin.bai@fit2cloud.com