| عنوان | WeiYe-Jing DataX-Web <= 2.1.2 Broken Access Control / Horizontal Privilege Escalation |
|---|
| الوصف | DataX-Web is a distributed data synchronization tool with multi-user support. The system has a permission model where users can have different roles (admin or regular user) and permissions to access specific job groups. However, critical task management operations (remove, update, start, stop, trigger) do not implement the designed access control checks, allowing users to perform unauthorized operations on tasks they don't own. |
|---|
| المصدر | ⚠️ https://github.com/Xzzz111/exps/blob/main/archives/datax-web-broken-access-control-1/report.md |
|---|
| المستخدم | sh7err (UID 91441) |
|---|
| ارسال | 02/11/2025 04:47 PM (6 أشهر منذ) |
|---|
| الاعتدال | 15/11/2025 04:05 PM (13 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 332584 [WeiYe-Jing datax-web حتى 2.1.2 Job remove/update/pause/start/triggerJob تجاوز الصلاحيات] |
|---|
| النقاط | 19 |
|---|