| Title | coco-annotator v0.11.1 Broken Function Level Authorization |
|---|
| Description | An attacker can delete categories created by other users by sending a DELETE request to the /api/undo/ endpoint, which performs no ownership or permission check before acting on the object. This is a Broken Function Level Authorization (BFLA) vulnerability that allows unauthorized manipulation of protected resources.
Vulnerable Endpoint
DELETE /api/undo/?id=198&instance=category HTTP/1.1
Host: localhost:5001
Cookie: session=<valid session cookie of a low-privilege user>
• id: the ID of a category created by another user (e.g. one created by the user "natan")
• instance: the type of object to delete (here "category")
Impact
• Any authenticated user can delete categories created by other users.
• The server never verifies that the requester is the original creator of the object or holds elevated permissions (e.g. admin).
• Leads to data-integrity loss, potential denial of service, and abuse in multi-tenant deployments.
Steps to Reproduce
1. Log in as User A and create a category.
2. Log in as User B (a separate, normal user).
3. Send the following request as User B:
DELETE /api/undo/?id=<category_id_from_UserA>&instance=category HTTP/1.1
Host: localhost:5001
Cookie: session=<UserB's valid session>
4. The category created by User A is deleted by User B. |
|---|
| Source | https://github.com/nmmorette/vulnerability-research/blob/main/BFLA%20COCO%20Annotator%20in%20DELETE%20api%20undo/BFLA%20COCO%20Annotator%20in%20DELETE%20api%20undo%202f1ef09b8736807aa1f7ede4b64fa35d.md |
|---|
| User | nmmorette (UID 87361) |
|---|
| Submission | 23/01/2026 03:53 PM (4 months ago) |
|---|
| Moderation | 06/02/2026 03:23 PM (14 days later) |
|---|
| Status | Approved |
|---|
| VulDB Entry | 344685 [jsbroks COCO Annotator up to 0.11.1 Delete Category /api/undo/ id authorization bypass] |
|---|
| Points | 20 |
|---|
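The missing check, as an added illustration that is not coco-annotator's code. It models the two behaviours the report contrasts: a DELETE handler that removes whatever object the `id` and `instance` parameters name once the caller is logged in, and a hardened handler that first confirms the requester is the object's creator or an admin. The in-memory store, the `creator` field on the category and the `is_admin` flag on the user are assumptions; `bfla_present()` replays the report's steps (User B deleting a category User A created) against either handler and returns whether the object was actually removed.

```python
"""Ownership check for a resource-level DELETE such as
/api/undo/?id=<id>&instance=category.

Added example, not coco-annotator's code. Field names (`creator`,
`is_admin`) and the in-memory store are assumptions.
"""
from dataclasses import dataclass
from typing import Callable, Dict


@dataclass(frozen=True)
class User:
    username: str
    is_admin: bool = False


@dataclass
class Category:
    id: int
    name: str
    creator: str  # username of the creating user; the field name is an assumption


class Forbidden(Exception):
    """Hardened handler refuses: requester is neither the creator nor an admin."""


class NotFound(Exception):
    """No object of the requested instance type has that id."""


Store = Dict[str, Dict[int, Category]]


def sample_store() -> Store:
    """Constructed data: User A ('natan') owns category 198, User B owns 199."""
    return {
        "category": {
            198: Category(198, "car", creator="natan"),
            199: Category(199, "tree", creator="userB"),
        }
    }


def _lookup(store: Store, instance: str, obj_id: int) -> Category:
    try:
        return store[instance][obj_id]
    except KeyError:
        raise NotFound(f"{instance} {obj_id}") from None


def undo_delete_vulnerable(store: Store, current_user: User, instance: str, obj_id: int) -> dict:
    """Broken function-level authorization: any authenticated user can delete any id.

    The handler trusts that the caller has a session and never compares the
    object's creator with the requester, which is the defect the report describes.
    """
    obj = _lookup(store, instance, obj_id)
    del store[instance][obj_id]
    return {"success": True, "deleted": obj.id}


def is_owner_or_admin(current_user: User, obj: Category) -> bool:
    """The missing check: only the creator or an admin may act on the object."""
    return current_user.is_admin or obj.creator == current_user.username


def undo_delete_hardened(store: Store, current_user: User, instance: str, obj_id: int) -> dict:
    """Same operation with the ownership check enforced before the state change.

    Order matters: look up, authorize, then mutate. Authorizing after the delete
    would leave the side effect in place even when the caller is rejected.
    """
    obj = _lookup(store, instance, obj_id)
    if not is_owner_or_admin(current_user, obj):
        # 403 here; answering 404 to hide the object's existence is an equally
        # valid policy, as long as nothing is deleted.
        raise Forbidden(f"{current_user.username} may not delete {instance} {obj_id}")
    del store[instance][obj_id]
    return {"success": True, "deleted": obj.id}


Handler = Callable[[Store, User, str, int], dict]


def bfla_present(handler: Handler) -> bool:
    """Replay the report's steps: User B (a normal user) sends
    DELETE ?id=198&instance=category for a category User A created.
    Returns True when the object is gone afterwards, i.e. the check is missing."""
    store = sample_store()
    user_b = User("userB")
    try:
        handler(store, user_b, "category", 198)
    except Forbidden:
        pass
    return 198 not in store["category"]


if __name__ == "__main__":
    print("vulnerable handler: User B deleted User A's category ->", bfla_present(undo_delete_vulnerable))
    print("hardened handler:   User B deleted User A's category ->", bfla_present(undo_delete_hardened))
```

The check belongs in the handler for every `instance` value the endpoint accepts, not only `category`; the same lookup-then-authorize-then-mutate order applies to each object type, and the owner comparison should use the server-side creator field, never anything the client supplies in the request.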