Submission #625984: Open-Source LitmusChaos 3.19.0 Broken Access Control via Login Response Manipulation

Title: Open-Source LitmusChaos 3.19.0 Broken Access Control via Login Response Manipulation
Description: A broken access control vulnerability was identified in the LitmusChaos platform, where a user can gain unauthorized access to another user's project by manipulating the projectID returned in the response of the /auth/login endpoint. This flaw results from excessive trust in client-side data and a lack of server-side validation after authentication.

Details: Upon successful authentication, the /auth/login response includes a list of accessible project IDs and the user's role for each. This information is stored on the client side and is used by the frontend to determine access to and visibility of projects. However, by intercepting and modifying this response, specifically the projectID value, a malicious user can inject unauthorized project references. The backend fails to verify whether the user truly has access to the referenced project, thus allowing privilege escalation and access to resources beyond the user's scope. This weakness violates the principle of secure-by-default access control and exposes internal project data across user boundaries.
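The mitigation the description points to is a server-side membership check on every project-scoped request, so that the project list returned by /auth/login is only a UI hint. The following is an added illustration in Go, not LitmusChaos code; Authorizer, NewDemoAuthorizer, RoleFor, RequireProjectMember, the userKey context key and the sample memberships are all hypothetical and constructed for this example.

```go
package main

import (
	"errors"
	"net/http"
)

type ctxKey string

// userKey carries the authenticated user ID set by an upstream auth middleware (assumed).
const userKey ctxKey = "userID"

// ErrForbidden is returned when the server-side store holds no membership record.
var ErrForbidden = errors.New("forbidden: user is not a member of this project")

// Authorizer is the server-side source of truth for project membership. It is
// consulted on every request; the project list sent to the client at login is
// never used for authorization decisions.
type Authorizer struct {
	memberships map[string]map[string]string // userID -> projectID -> role
}

// NewDemoAuthorizer builds a store with constructed sample memberships.
func NewDemoAuthorizer() *Authorizer {
	return &Authorizer{memberships: map[string]map[string]string{
		"alice": {"proj-a": "Owner"},
		"bob":   {"proj-b": "Viewer"},
	}}
}

// RoleFor returns the user's role in projectID from the store, or ErrForbidden.
func (a *Authorizer) RoleFor(userID, projectID string) (string, error) {
	if role, ok := a.memberships[userID][projectID]; ok {
		return role, nil
	}
	return "", ErrForbidden
}

// RequireProjectMember re-validates the projectID named in each request against
// the store, so a client that edited its login response gains nothing.
func (a *Authorizer) RequireProjectMember(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		userID, _ := r.Context().Value(userKey).(string)
		if _, err := a.RoleFor(userID, r.URL.Query().Get("projectID")); err != nil {
			http.Error(w, err.Error(), http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}
```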
Source: https://github.com/MaiqueSilva/VulnDB/blob/main/readme05.md
User: maique (UID 88562)
Submitted: 31/07/2025 04h19 (9 months ago)
Moderation: 09/08/2025 07h34 (9 days later)
Status: Accepted
VulDB Entry: 319323 [LitmusChaos Litmus up to 3.19.0 /auth/login projectID Privilege Escalation]
Points: 20
