| 제목 | WeiYe-Jing DataX-Web <= 2.1.2 Broken Access Control / Horizontal Privilege Escalation |
|---|
| 설명 | DataX-Web is a distributed data synchronization tool with multi-user support. The system has a permission model where users can have different roles (admin or regular user) and permissions to access specific job groups. However, critical task management operations (remove, update, start, stop, trigger) do not implement the designed access control checks, allowing users to perform unauthorized operations on tasks they don't own. |
|---|
| 원천 | ⚠️ https://github.com/Xzzz111/exps/blob/main/archives/datax-web-broken-access-control-1/report.md |
|---|
| 사용자 | sh7err (UID 91441) |
|---|
| 제출 | 2025. 11. 02. PM 04:47 (6 개월 ago) |
|---|
| 모더레이션 | 2025. 11. 15. PM 04:05 (13 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 332584 [WeiYe-Jing datax-web 까지 2.1.2 Job remove/update/pause/start/triggerJob 권한 상승] |
|---|
| 포인트들 | 19 |
|---|