Overview
There is an insecure permission check in BRCC from version 1.0.1 to latest. A normal user can escalate his/her role to admin via a POST request.
The affected interface is /console/admin/updateAdmin/{userId}.
This interface allows normal users to arbitrarily modify their own roles.
Details
Affected Function: com.baidu.brcc.controller.AdminController#updateAdmin
The validation logic in the interface implementation checks only two things:
- Whether the user is in an available state.
- Whether the user is an administrator; if not, it only verifies that they are modifying their own data.
The interface implementation does not check whether a non-administrator user is changing their own role, so a normal user can set their role to administrator without any restriction.
Exploit
test001 is a normal user; the code of its role is 0. The rcc-token in the request header is the token of test001.
It's successful. test001 has become an administrator.
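The missing check, modelled as an added example that is not BRCC's code: the vulnerable decision (available state plus ownership only) beside a hardened one that also refuses a role change from a non-administrator. The types, the role codes other than 0, and the user id are assumptions for illustration.

```java
import java.util.Objects;

// Added example, not code from the BRCC project: a stand-alone model of the
// authorization decision behind updateAdmin. User, UpdateRequest and ROLE_ADMIN
// are assumed names; only "role code 0 = normal user" comes from the report.
public class UpdateAdminAuthz {
    static final int ROLE_NORMAL = 0;   // role code of test001 in the report
    static final int ROLE_ADMIN = 1;    // assumed admin role code

    record User(long id, int role, boolean available) {
        boolean isAdmin() { return role == ROLE_ADMIN; }
    }

    // Fields a caller may send; role is null when the request leaves it untouched.
    record UpdateRequest(long targetUserId, Integer role) {}

    // Vulnerable check as described: only account state and record ownership.
    static boolean allowedVulnerable(User actor, UpdateRequest req) {
        if (!actor.available()) return false;
        return actor.isAdmin() || actor.id() == req.targetUserId();
    }

    // Hardened check: a non-admin may edit only their own record and may not
    // change the role field; role assignment stays an administrator-only action.
    static boolean allowedFixed(User actor, UpdateRequest req) {
        if (!actor.available()) return false;
        if (actor.isAdmin()) return true;
        boolean ownRecord = actor.id() == req.targetUserId();
        boolean changesRole = req.role() != null && !Objects.equals(req.role(), actor.role());
        return ownRecord && !changesRole;
    }

    public static void main(String[] args) {
        User test001 = new User(1001L, ROLE_NORMAL, true);         // constructed sample user
        UpdateRequest escalate = new UpdateRequest(1001L, ROLE_ADMIN);
        UpdateRequest ownProfile = new UpdateRequest(1001L, null);
        System.out.println("vulnerable, role change on own record: " + allowedVulnerable(test001, escalate));
        System.out.println("fixed, role change on own record:      " + allowedFixed(test001, escalate));
        System.out.println("fixed, own record without role field:  " + allowedFixed(test001, ownProfile));
        System.out.println("fixed, another user's record:          "
            + allowedFixed(test001, new UpdateRequest(1002L, null)));
    }
}
```

Equivalent hardening server-side is to ignore the role field entirely for non-administrators rather than rejecting the request, as long as the decision is taken from the authenticated token and not from the request body.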