Submeter #687604: WeiYe-Jing DataX-Web <= 2.1.2 Broken Access Control / Horizontal Privilege Escalationinformação

Título	WeiYe-Jing DataX-Web <= 2.1.2 Broken Access Control / Horizontal Privilege Escalation
Descrição	DataX-Web is a distributed data synchronization tool with multi-user support. The system has a permission model where users can have different roles (admin or regular user) and permissions to access specific job groups. However, critical task management operations (remove, update, start, stop, trigger) do not implement the designed access control checks, allowing users to perform unauthorized operations on tasks they don't own.
Fonte	⚠️ https://github.com/Xzzz111/exps/blob/main/archives/datax-web-broken-access-control-1/report.md
Utilizador	sh7err (UID 91441)
Submissão	02/11/2025 16h47 (há 6 meses)
Moderação	15/11/2025 16h05 (13 days later)
Estado	Aceite
Entrada VulDB	332584 [WeiYe-Jing datax-web até 2.1.2 Job remove/update/pause/start/triggerJob Elevação de Privilégios]
Pontos	19

Do you know our Splunk app?

Download it now for free!