| タイトル | WeiYe-Jing DataX-Web <= 2.1.2 Broken Access Control / Horizontal Privilege Escalation |
|---|
| 説明 | DataX-Web is a distributed data synchronization tool with multi-user support. The system has a permission model where users can have different roles (admin or regular user) and permissions to access specific job groups. However, critical task management operations (remove, update, start, stop, trigger) do not implement the designed access control checks, allowing users to perform unauthorized operations on tasks they don't own. |
|---|
| ソース | ⚠️ https://github.com/Xzzz111/exps/blob/main/archives/datax-web-broken-access-control-1/report.md |
|---|
| ユーザー | sh7err (UID 91441) |
|---|
| 送信 | 2025年11月02日 16:47 (6 月 ago) |
|---|
| モデレーション | 2025年11月15日 16:05 (13 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 332584 [WeiYe-Jing datax-web 迄 2.1.2 Job remove/update/pause/start/triggerJob 特権昇格] |
|---|
| ポイント | 19 |
|---|