| Title | https://www.tduckcloud.com tduck-platform commit e71c1e5 Improper Access Controls |
|---|
| Description | A vertical privilege escalation vulnerability exists in the latest version of tduck-platform. An attacker with a normal user account can exploit this flaw to bypass authorization checks and access sensitive management APIs under the /manage/ path, which should only be accessible by administrators. |
|---|
| Source | ⚠️ https://github.com/TDuckCloud/tduck-platform/issues/28 |
|---|
| User | RacerZ (UID 88457) |
|---|
| Submission | 07/28/2025 15:30 (11 months ago) |
|---|
| Moderation | 08/08/2025 17:27 (11 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 319261 [TDuckCloud tduck-platform up to 5.1 /manage/ preHandle improper authorization] |
|---|
| Points | 17 |
|---|