Submission #626344: Tianti Project Tianti 2.3 Missing Authorization information

Title: Tianti Project Tianti 2.3 Missing Authorization
Description: The system contains a critical security design flaw in UserController (package com.jeff.tianti.controller). The permission model is implemented exclusively at the client-side (UI) level. This approach merely "hides" functionality and is not an effective security control. The backend API, which is the true enforcement point for actions, implicitly trusts all requests received from the client. It fails to perform its own mandatory verification of the user's roles or permissions. Besides, all APIs are exposed in the JavaScript code of the returned page. Consequently, when a low-privilege user bypasses the UI (e.g., through web proxies or by crafting direct API calls) and sends a request to a backend endpoint, the backend code executes the request blindly. This leads to a vertical privilege escalation vulnerability, where the low-privilege user can do anything that a super administrator can do, including resetting passwords, arbitrarily deleting users, and managing menu permissions.
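The flaw described above is the absence of a server-side authorization check. The following is an added illustration, not code from the Tianti project: it shows a Spring MVC controller method that trusts the client (the pattern the description reports) next to the same operation with the role check enforced on the backend. The class name AdminUserController, the UserService interface, the session attribute "currentUser", the role string "ROLE_SUPER_ADMIN" and the URL paths are all assumptions made for this example.

```java
// Added example, not Tianti's own code. All names below are assumptions:
// the project's real controller, service, session keys and roles may differ.
package example.authz;

import javax.servlet.http.HttpSession;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestParam;

@Controller
public class AdminUserController {

    /** Hypothetical service boundary; the real project's service is not modelled here. */
    public interface UserService {
        void resetPassword(long userId);
        void deleteUser(long userId);
    }

    /** Minimal session user for the example (constructed, not the project's entity). */
    public static class SessionUser {
        public final String username;
        public final String role;
        public SessionUser(String username, String role) {
            this.username = username;
            this.role = role;
        }
    }

    private static final String SESSION_USER_KEY = "currentUser";   // assumed session key
    private static final String SUPER_ADMIN = "ROLE_SUPER_ADMIN";    // assumed role name

    private final UserService userService;

    public AdminUserController(UserService userService) {
        this.userService = userService;
    }

    // BEFORE (the reported pattern): the UI hides the button for ordinary users,
    // but the endpoint itself performs no role check. Any logged-in session that
    // reaches this URL, for example via a direct HTTP request, is served.
    @PostMapping("/user/resetPasswordUnchecked")
    public ResponseEntity<String> resetPasswordUnchecked(@RequestParam long userId,
                                                         HttpSession session) {
        userService.resetPassword(userId);
        return ResponseEntity.ok("reset");
    }

    // AFTER: the backend is the enforcement point. The role is read from the
    // server-side session (never from a request parameter or header the client
    // controls) and the action is refused unless the caller is a super admin.
    @PostMapping("/user/resetPassword")
    public ResponseEntity<String> resetPassword(@RequestParam long userId,
                                                HttpSession session) {
        if (!hasRole(session, SUPER_ADMIN)) {
            // 403 rather than 404: the resource exists, the caller is not allowed.
            return ResponseEntity.status(HttpStatus.FORBIDDEN).body("forbidden");
        }
        userService.resetPassword(userId);
        return ResponseEntity.ok("reset");
    }

    @PostMapping("/user/delete")
    public ResponseEntity<String> deleteUser(@RequestParam long userId,
                                             HttpSession session) {
        if (!hasRole(session, SUPER_ADMIN)) {
            return ResponseEntity.status(HttpStatus.FORBIDDEN).body("forbidden");
        }
        userService.deleteUser(userId);
        return ResponseEntity.ok("deleted");
    }

    /**
     * Server-side role check. Returns false for an anonymous session, a session
     * without a user object, or a user whose role does not match.
     */
    static boolean hasRole(HttpSession session, String requiredRole) {
        if (session == null) {
            return false;
        }
        Object attr = session.getAttribute(SESSION_USER_KEY);
        if (!(attr instanceof SessionUser)) {
            return false;
        }
        return requiredRole.equals(((SessionUser) attr).role);
    }
}
```

A per-method check like hasRole is the minimum fix for the endpoints named in the report. Because the description notes that every API route is visible in the page's JavaScript, the more robust design is deny-by-default enforcement in one place, such as a Spring HandlerInterceptor or Spring Security URL rules, so that a newly added controller method cannot be reachable without a role decision.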
Source: https://github.com/N1n3b9S/cve/issues/15
User: Anonymous User
Submitted: 2025-07-31 17:37 (9 months ago)
Moderation: 2025-08-09 09:51 (9 days later)
Status: Accepted
VulDB entry: 319336 [xujeff tianti 天梯 up to 2.3 save privilege escalation]
Points: 20