| Название | GitHub OpnForm 1.9.3 Improper Access Controls |
|---|
| Описание | Title: Improper Access Controls on /show/integrations
Description: A low privileged user with read-only restrictions is able to view the integrations endpoint of a form, allowing them to enumerate valid webhook URLs. This endpoint is normally restricted unless an account has user or admin privileges.
The vulnerability has confirmed by the vendor to have been patched in v1.9.3 main branch with commit 11d97d78f2de2cb49f79baed6bde8b611ec1f384.
Please see the attached Google Doc link for more information under 6. Improper Access Controls on /forms/<form-slug>/show/integrations Endpoint and the Response from the Vendor section for more detail.
Vulnerable version: https://github.com/JhumanJ/OpnForm/tree/v1.9.3
Patched Commit: https://github.com/JhumanJ/OpnForm/pull/900/commits/11d97d78f2de2cb49f79baed6bde8b611ec1f384 |
|---|
| Источник | ⚠️ https://docs.google.com/document/d/1GUjJA9vUbsXUngAv6ySsbCIhVynf8_djardLZYEDOe0/edit?tab=t.0#heading=h.reuyi9lwvpj |
|---|
| Пользователь | balejin (UID 89385) |
|---|
| Представление | 01.10.2025 21:02 (9 месяцы назад) |
|---|
| Модерация | 07.10.2025 15:17 (6 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 327376 [JhumanJ OpnForm до 1.9.3 /show/integrations эскалация привилегий] |
|---|
| Баллы | 20 |
|---|