Submission #754242: CoCoTeaNet CyreneAdmin ≤1.3.0 Broken Access Control
Info

Title: CoCoTeaNet CyreneAdmin ≤1.3.0 Broken Access Control
Description:

**Title:** Broken Access Control on Dashboard System Info Endpoints

**BUG_Author:** sageee

**Affected Version:** CyreneAdmin (Current GitHub Head)

**Vendor:** CoCoTeaNet GitHub Repository

**Software:** CyreneAdmin

**Vulnerability Url:**

● /api/system/dashboard/getCount
● /api/system/dashboard/getSystemInfo

**Description:** The application fails to properly enforce role-based access control (RBAC) on sensitive system monitoring endpoints.

1. Under normal circumstances, unauthorized access to restricted administrative interfaces results in a specific error response: `{"code": 4002, "message": "无权限访问"}`.
2. However, a standard user (e.g., username `test`) with low privileges is able to bypass this check and successfully request `/api/system/dashboard/getCount` and `/api/system/dashboard/getSystemInfo`.
3. Instead of receiving the 4002 error, the server returns sensitive system environment data (OS, Java version) and business statistics, leading to Information Disclosure and Broken Access Control.

**Reproduction Steps:**

1. Log in to the application using a standard user account (e.g., `test`).
2. Obtain the valid authentication token (Authorization header) for this low-privileged user.
3. Send a GET request to the administrative endpoints.

**Vulnerability Request & Response Analysis:**

**Request:**

```http
GET /api/system/dashboard/getSystemInfo HTTP/1.1
Host: localhost:8080
Authorization: [Standard_User_Token]
User-Agent: Mozilla/5.0
```

**Vulnerable Response (Actual):** The server returns HTTP 200 with system details, bypassing the permission check.

```json
{
  "code": 200,
  "msg": "操作成功",
  "data": {
    "osName": "Windows 11",
    "osArch": "amd64",
    "javaVersion": "1.8.0_301",
    "userDir": "C:\\Users\\Admin\\CyreneAdmin",
    "cpuUsage": 15.5,
    "memUsage": 45.2
  }
}
```

**Contrast with Secure Behavior:** If the access control were working correctly, the server should have returned the following denial message (which it failed to do):

```json
{
  "code": 4002,
  "data": null,
  "message": "无权限访问",
  "time": "2026-02-08 20:39:58"
}
```
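A defender-side check for the behaviour described above, added here as an example that is not part of the submission or of CyreneAdmin's code: it classifies a dashboard response as the expected 4002 denial or as a leak of the system fields shown in the report, and runs a detection over access-log lines to flag non-admin principals that reached the two endpoints without being denied. The access-log line format and the sample log are constructed for this example.

```python
# Added example, not from the submission or CyreneAdmin: verify that the
# dashboard endpoints deny non-admin callers, and flag log lines where they
# did not. The access-log format below is constructed for this example.
import json
import re

# Endpoints named in the report and the application's denial code.
SENSITIVE_ENDPOINTS = {
    "/api/system/dashboard/getCount",
    "/api/system/dashboard/getSystemInfo",
}
DENIED_CODE = 4002
# Keys from the leaked getSystemInfo payload shown in the report.
SENSITIVE_KEYS = {"osName", "osArch", "javaVersion", "userDir"}

def is_proper_denial(body: str) -> bool:
    """True when the JSON body is the expected 4002 denial with no data."""
    doc = json.loads(body)
    return doc.get("code") == DENIED_CODE and doc.get("data") is None

def leaked_fields(body: str) -> set:
    """Sensitive keys present in the response's data object (empty if denied)."""
    data = json.loads(body).get("data")
    return SENSITIVE_KEYS & set(data) if isinstance(data, dict) else set()

# Constructed (hypothetical) access-log line: user role method path http_status app_code
LOG_RE = re.compile(r"^(\S+) (\S+) (GET|POST) (\S+) (\d{3}) (\d+)$")

def find_bypasses(lines):
    """(user, path) pairs where a non-admin reached a sensitive endpoint undenied."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        user, role, _method, path, _http, app_code = m.groups()
        if path in SENSITIVE_ENDPOINTS and role != "admin" and int(app_code) != DENIED_CODE:
            hits.append((user, path))
    return hits

# Constructed sample log: the admin is fine; 'test' (role 'user') should have been denied.
SAMPLE_LOG = """\
admin admin GET /api/system/dashboard/getSystemInfo 200 200
test user GET /api/system/dashboard/getCount 200 200
test user GET /api/system/user/list 200 4002
test user GET /api/system/dashboard/getSystemInfo 200 200
"""
```

Running `find_bypasses(SAMPLE_LOG.splitlines())` returns the two `test` requests that received data from the dashboard endpoints, which is the condition a fixed build should never produce.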
User: sageee (UID 82251)
Submitted: 08/02/2026 14:12 (4 months ago)
Moderated: 18/02/2026 15:20 (10 days later)
Status: accepted
VulDB Entry: 346493 [CoCoTeaNet CyreneAdmin up to 1.3.0 System Info Endpoint getCount privilege escalation]
Points: 17
