| Field | Value |
|---|---|
| Title | Tianti Project Tianti 2.3 Missing Authorization |
| Description | The system contains a critical security design flaw in UserController (package com.jeff.tianti.controller). The permission model is implemented exclusively at the client-side (UI) level. This approach merely "hides" functionality and is not an effective security control. The backend API, which is the true enforcement point for actions, implicitly trusts all requests received from the client. It fails to perform its own mandatory verification of the user's roles or permissions. Besides, all APIs are exposed in the JavaScript code of the returned page.<br><br>Consequently, when a low-privilege user bypasses the UI (e.g., through web proxies or by crafting direct API calls) and sends a request to a backend endpoint, the backend code executes the request blindly. This leads to a vertical privilege escalation vulnerability, where the low-privilege user can do anything that a super administrator can do, including resetting passwords, arbitrarily deleting users, and managing menu permissions. |
| Source | https://github.com/N1n3b9S/cve/issues/15 |
| User | Anonymous User |
| Submission | 07/31/2025 17:37 (9 months ago) |
| Moderation | 08/09/2025 09:51 (9 days later) |
| Status | Accepted |
| VulDB entry | 319336 [xujeff tianti 天梯 up to 2.3 save authorization] |
| Points | 20 |
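The flaw described above is a missing server-side authorization check in a Spring MVC controller. The following added example (illustrative code written for this page, not the Tianti project's own UserController) shows the pattern side by side: a handler that relies on the UI having hidden the button, and a hardened handler that enforces the caller's role on the server. The package name, the `UserService` interface and the endpoint paths are hypothetical; `@PreAuthorize` is real Spring Security and requires method security to be enabled on a configuration class (`@EnableMethodSecurity` in Spring Security 6, `@EnableGlobalMethodSecurity(prePostEnabled = true)` in 5.x).

```java
package example.security; // hypothetical package, not the Tianti code base

import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.server.ResponseStatusException;

// Hypothetical persistence boundary; the real implementation is not shown.
interface UserService {
    void resetPassword(long userId);
    void deleteUser(long userId);
}

/**
 * BEFORE: the pattern the advisory describes. The handler assumes the UI only
 * rendered the "reset password" action for administrators and performs no check
 * of its own, so any client that can reach the URL gets the action executed.
 */
@RestController
@RequestMapping("/vulnerable/user")
class UnprotectedUserController {
    private final UserService users;
    UnprotectedUserController(UserService users) { this.users = users; }

    @PostMapping("/resetPassword")
    public ResponseEntity<Void> resetPassword(@RequestParam long userId) {
        users.resetPassword(userId);          // no authorization check at all
        return ResponseEntity.ok().build();
    }
}

/**
 * AFTER: authorization enforced on the server for every privileged endpoint.
 * Two layers: declarative method security (@PreAuthorize) and an explicit
 * in-handler check that fails closed with 403 even if annotation processing
 * were ever misconfigured. Hiding the button in the UI is no longer load-bearing.
 */
@RestController
@RequestMapping("/user")
class ProtectedUserController {
    private final UserService users;
    ProtectedUserController(UserService users) { this.users = users; }

    @PreAuthorize("hasRole('ADMIN')")
    @PostMapping("/resetPassword")
    public ResponseEntity<Void> resetPassword(@RequestParam long userId) {
        requireAuthority("ROLE_ADMIN");
        users.resetPassword(userId);
        return ResponseEntity.ok().build();
    }

    @PreAuthorize("hasRole('ADMIN')")
    @DeleteMapping("/{userId}")
    public ResponseEntity<Void> deleteUser(@PathVariable long userId) {
        requireAuthority("ROLE_ADMIN");
        users.deleteUser(userId);
        return ResponseEntity.noContent().build();
    }

    /**
     * Checks the authenticated principal stored in the SecurityContext, which the
     * client cannot forge, rather than anything the request body claims about itself.
     */
    static void requireAuthority(String authority) {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        boolean allowed = auth != null
                && auth.isAuthenticated()
                && auth.getAuthorities().stream()
                       .anyMatch(a -> authority.equals(a.getAuthority()));
        if (!allowed) {
            // 403 rather than a silent no-op: a denied privileged call is a signal
            // worth logging and alerting on, since it indicates a UI bypass attempt.
            throw new ResponseStatusException(HttpStatus.FORBIDDEN, "insufficient privileges");
        }
    }
}
```

The explicit `requireAuthority` call is deliberately redundant with `@PreAuthorize`: the annotation is the primary control, and the in-handler check guards against the annotation silently doing nothing when method security is not enabled. A practical verification step after applying a fix of this kind is to replay each privileged request from a session holding only a low-privilege role and confirm every one returns 403, independent of what the page's JavaScript exposes.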