Description

An issue was discovered in Total.js CMS 12.0.0. An authenticated user with limited privileges can get access to a resource that they do not own by calling the associated API. The product correctly manages privileges only for the front-end resource path, not for API requests. This leads to vertical and horizontal privilege escalation.

Remediation

References

https://github.com/beerpwn/CVE/blob/master/Totaljs_disclosure_report/report_final.pdf

https://seclists.org/fulldisclosure/2019/Sep/6

Related Vulnerabilities

CVE-2020-28446 Vulnerability in npm package ntesseract

CVE-2016-2510 Vulnerability in maven package org.apache-extras.beanshell:bsh

CVE-2020-8127 Vulnerability in maven package org.webjars:reveal.js

CVE-2019-5417 Vulnerability in npm package serve

CVE-2023-36478 Vulnerability in maven package org.eclipse.jetty:jetty-http

Severity

Critical

Classification

CWE-862 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Exploit Third Party Advisory Mailing List