| tiêu đề | GitHub OpnForm 1.9.3 Improper Access Controls |
|---|
| Mô tả | Title: Broken Function Level Authorization on the /custom-domains API Endpoint
Description: A low privileged user with read-only restrictions is able to modify the custom domain of an OpnForm instance. This action is normally invisible to a user with these privileges.
The vulnerability has confirmed by the vendor to have been patched in v1.9.3 main branch with commit beb153ce52dceb971c1518f98333328c95f1ba20.
Please see the attached Google Doc link for more information under 5. Broken Function Level Authorization on the /custom-domains API Endpoint and the Response from the Vendor section for more detail.
Vulnerable version: https://github.com/JhumanJ/OpnForm/tree/v1.9.3
Patched Commit: https://github.com/JhumanJ/OpnForm/pull/900/commits/beb153ce52dceb971c1518f98333328c95f1ba20 |
|---|
| Nguồn | ⚠️ https://docs.google.com/document/d/1GUjJA9vUbsXUngAv6ySsbCIhVynf8_djardLZYEDOe0/edit?tab=t.0#heading=h.gm61tyll8uys |
|---|
| Người dùng | balejin (UID 89385) |
|---|
| Đệ trình | 01/10/2025 21:00 (cách đây 9 các tháng) |
|---|
| Kiểm duyệt | 07/10/2025 15:17 (6 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 327375 [JhumanJ OpnForm đến 1.9.3 API Endpoint /custom-domains nâng cao đặc quyền] |
|---|
| điểm | 20 |
|---|