| Title | Open-Source Web LitmusChaos 3.19.0 Privilege Chaining |
|---|
| Description | A critical privilege escalation vulnerability was identified in the LitmusChaos platform, which allows a low-privileged user to gain elevated privileges (from Viewer to Owner) over a project by tampering with the role value in the response of the /auth/list_projects endpoint. This flaw results in unauthorized actions being performed on resources that should be read-only for the user. |
|---|
| Source | ⚠️ https://github.com/MaiqueSilva/VulnDB/blob/main/readmi1.md |
|---|
| User | maique (UID 88562) |
|---|
| Submission | 07/31/2025 01:52 (9 months ago) |
|---|
| Moderation | 08/09/2025 07:34 (9 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 319319 [LitmusChaos Litmus up to 3.19.0 /auth/list_projects role improper authorization] |
|---|
| Points | 20 |
|---|