An issue was discovered in tangro Business Workflow before 1.18.1. No (or broken) access control checks exist on the…
mitre·CWE-922·Published 2020-12-18
An issue was discovered in tangro Business Workflow before 1.18.1. No (or broken) access control checks exist on the /api/document/<DocumentID>/attachments API endpoint. Knowing a document ID, an attacker can list all the attachments of a workitem, including their respective IDs. This allows the attacker to gather valid attachment IDs for workitems that do not belong to them.
An issue was discovered in tangro Business Workflow before 1.18.1. No (or broken) access control checks exist on the /api/document/<DocumentID>/attachments API endpoint. Knowing a document ID, an attacker can list all the attachments of a workitem, including their respective IDs. This allows the attacker to gather valid attachment IDs for workitems that do not belong to them.
Se detectó un problema en Tangro Business Workflow versiones anteriores a 1.18.1. No se presentan comprobaciones de control de acceso (o están rotas) en el endpoint de la API /api/document/(DocumentID)/attachments. Conociendo un ID de documento, un atacante puede listar todos los archivos adjuntos de un elemento de trabajo, incluyendo sus respectivos ID. Esto permite al atacante recopilar ID de adjuntos válidos para los valores atenuados que no les pertenecen
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 4.0 | 8.0 | 2.9 | AV:N/AC:L/Au:S/C:P/I:N/A:N |
| 3.1 | Primary | cve.org | 4.3 | — | — | CVSS:3.1/AC:L/AV:N/A:N/C:L/I:N/PR:L/S:U/UI:N |
| 3.1 | Primary | cve.org | 4.3 | — | — | CVSS:3.1/AC:L/AV:N/A:N/C:L/I:N/PR:L/S:U/UI:N |
| 3.1 | Primary | NVD | 4.3 | 2.8 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| 3.1 | Secondary | NVD | 4.3 | 2.8 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |