CVE-2023-40918: [Escalation of Privileges] Unauthorized users can create a new user with admin role · Issue #1128 · didi/KnowStreaming
KnowStreaming 3.3.0 is vulnerable to Escalation of Privileges. Unauthorized users can create a new user with an admin role.
- [x] I have already searched the issues for related problems and found no duplicates.
Do you want to claim this bug?
Env
- KnowStreaming version : 3.0.0
- Operating System version :
- Java version :
This issue is tested on the website https://demo.knowstreaming.com
Steps to reproduce this issue
Get the role id of the user "admin". We can send such a request to the server. The request carries no cookie or token, i.e. it is unauthorized. If the user's id is not 1, we can guess it by brute force. As shown in the picture, we get the role id 1677.
Create a new user with the "admin" role. We can send such a request to the server. The request carries no cookie or token, i.e. it is unauthorized.
Log on as the new user with the password. We logged on with an admin role.
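The two behaviours described in the steps above (unauthenticated reads of user details, including brute-force guessing of ids, and unauthenticated user creation) are the things an operator would want to spot in access logs while the fix is rolled out. The following is an added detection example, not code from the report or from KnowStreaming; the log format and the endpoint paths `/api/user/<id>` and `/api/user` are placeholders I assumed, since the issue does not name the real routes.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines (not taken from the report).
# "auth=-" marks a request with no cookie or token; paths are assumed placeholders.
SAMPLE_LOG = """\
203.0.113.5 "GET /api/user/1676" 200 auth=-
203.0.113.5 "GET /api/user/1677" 200 auth=-
203.0.113.5 "GET /api/user/1678" 200 auth=-
203.0.113.5 "POST /api/user" 200 auth=-
198.51.100.9 "GET /api/user/1677" 200 auth=cookie
198.51.100.9 "POST /api/user" 200 auth=token
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) "(?P<method>[A-Z]+) (?P<path>\S+)" (?P<status>\d{3}) auth=(?P<auth>\S+)$'
)
USER_DETAIL_RE = re.compile(r"^/api/user/(?P<id>\d+)$")  # assumed user-detail route
USER_CREATE_PATH = "/api/user"                            # assumed user-creation route


def parse(log_text):
    """Parse the constructed log format into dicts; skip lines that do not match."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def find_findings(log_text, enum_threshold=3):
    """Return (ip, description) pairs for successful unauthenticated user-management calls.

    A single unauthenticated GET of one user id is reported only once a client has
    read enum_threshold distinct ids, which is the brute-force pattern in the report.
    """
    findings = []
    ids_seen = defaultdict(set)
    for ev in parse(log_text):
        if ev["auth"] != "-" or ev["status"] != "200":
            continue  # authenticated or rejected: not an unauthorized success
        if ev["method"] == "POST" and ev["path"] == USER_CREATE_PATH:
            findings.append((ev["ip"], "unauthenticated user creation succeeded"))
        m = USER_DETAIL_RE.match(ev["path"])
        if ev["method"] == "GET" and m:
            ids_seen[ev["ip"]].add(int(m.group("id")))
    for ip, ids in ids_seen.items():
        if len(ids) >= enum_threshold:
            findings.append((ip, f"unauthenticated user-id enumeration ({len(ids)} ids)"))
    return findings
```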
Expected Results
Unauthorized users should not be able to retrieve a user's detail info and should not be able to create a new user.
Actual Results
Unauthorized users can retrieve a user's detail info and create a new user. The created user logs in successfully.