| タイトル | Open-Source LitmusChaos 3.19.0 Privilege Escalation via Manipulation of localStorage |
|---|
| 説明 | A privilege escalation vulnerability was discovered in the LitmusChaos platform, where a user with Viewer-level permissions can elevate their privileges to Owner by tampering with the projectRole key stored in the browser’s localStorage. This manipulation is not validated by the backend, leading to unauthorized access to privileged functionality.
During analysis, it was observed that user roles within a project are determined on the client side using a localStorage key named projectRole. By modifying this key’s value from "Viewer" to "Owner" using browser developer tools and reloading the page, the frontend updates to reflect elevated access rights.
This change allows users to access Owner-only functionality, such as creating, modifying, or deleting experiments, without any backend verification of their actual role within the project.
Impact
Unauthorized privilege escalation
Potential misuse or alteration of experiments and project configurations
No server-side validation of user roles |
|---|
| ソース | ⚠️ https://github.com/MaiqueSilva/VulnDB/blob/main/readme07.md |
|---|
| ユーザー | maique (UID 88562) |
|---|
| 送信 | 2025年07月31日 04:36 (9 月 ago) |
|---|
| モデレーション | 2025年08月09日 07:34 (9 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 319325 [LitmusChaos Litmus 迄 3.19.0 LocalStorage 特権昇格] |
|---|
| ポイント | 20 |
|---|