Submeter #782103: Dromara lamp-cloud 5.8.1 Broken object property level authorizationinformação

TítuloDromara lamp-cloud 5.8.1 Broken object property level authorization
Descrição## Summary A broken access control vulnerability exists in `lamp-cloud` at endpoint `POST /defUser/pageUser` (`DefUserController#pageUser`). An authenticated low-privilege user can enumerate users outside their own organization/company scope. This appears to be a row-level authorization/data-scope failure (BOLA/IDOR-style read exposure), not merely an endpoint authentication issue.
Fonte⚠️ https://github.com/dromara/lamp-cloud/issues/403
Utilizador
 Anonymous User
Submissão18/03/2026 05h05 (há 20 dias)
Moderação04/04/2026 08h27 (17 days later)
EstadoAceite
Entrada VulDB355282 [Dromara lamp-cloud até 5.8.1 DefUserController /defUser/pageUser Elevação de Privilégios]
Pontos19

VoltarVisão GeralPróximo

Want to stay up to date on a daily basis?

Enable the mail alert feature now!