| शीर्षक | Shy2593666979 AgentChat <= v2.3.0 Authorization Bypass |
|---|
| विवरण | An Insecure Direct Object Reference (IDOR) vulnerability exists in AgentChat ≤ v2.3.0 at the /api/v1/user/info endpoint, where the user_id parameter is accepted directly from user input without proper authorization checks. As a result, unauthenticated attackers can access arbitrary users' information by manipulating the user_id parameter, leading to unauthorized disclosure of sensitive user data. Mitigations include implementing proper authorization checks to ensure users can only access their own information, retrieving the user ID from the authenticated session/token rather than accepting it as a parameter, applying role-based access control (RBAC) to restrict access to user data, and logging all user information access attempts for security auditing. |
|---|
| स्रोत | ⚠️ https://github.com/CC-T-454455/Vulnerabilities/tree/master/agent-chat/vulnerability-1 |
|---|
| उपयोगकर्ता | Anonymous User |
|---|
| सबमिशन | 22/02/2026 05:03 PM (2 महीनों पहले) |
|---|
| संयम | 07/03/2026 09:35 AM (13 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 349640 [Shy2593666979 AgentChat तक 2.3.0 User Endpoint user.py get_user_info/update_user_info user_id अधिकार वृद्धि] |
|---|
| अंक | 20 |
|---|