| Título | Open-Source LitmusChaos 3.19.0 Privilege Escalation via Manipulation of localStorage |
|---|
| Descripción | A privilege escalation vulnerability was discovered in the LitmusChaos platform, where a user with Viewer-level permissions can elevate their privileges to Owner by tampering with the projectRole key stored in the browser’s localStorage. This manipulation is not validated by the backend, leading to unauthorized access to privileged functionality.
During analysis, it was observed that user roles within a project are determined on the client side using a localStorage key named projectRole. By modifying this key’s value from "Viewer" to "Owner" using browser developer tools and reloading the page, the frontend updates to reflect elevated access rights.
This change allows users to access Owner-only functionality, such as creating, modifying, or deleting experiments, without any backend verification of their actual role within the project.
Impact
Unauthorized privilege escalation
Potential misuse or alteration of experiments and project configurations
No server-side validation of user roles |
|---|
| Fuente | ⚠️ https://github.com/MaiqueSilva/VulnDB/blob/main/readme07.md |
|---|
| Usuario | maique (UID 88562) |
|---|
| Sumisión | 2025-07-31 04:36 (hace 9 meses) |
|---|
| Moderación | 2025-08-09 07:34 (9 days later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 319325 [LitmusChaos Litmus hasta 3.19.0 LocalStorage escalada de privilegios] |
|---|
| Puntos | 20 |
|---|