The authentication/authorization bypass can be exploited by malicious users to perform actions that are not permitted without proper authorization. To exploit this issue, a user must be tricked into accessing the vulnerable resource, typically by being enticed through a marketing email or social media post.

TA hypothesis: Due to the nature of the REST API, this issue can be exploited by anyone. End users who have no privileged role on the site are able to bypass the authorization filter. This can lead to remote code execution by any user with the necessary privileges.

After the initial exploitation phase, attackers often try to maintain access by changing their behaviour to avoid detection.

Conclusion:

This issue has a high potential for exploitation, as is often seen in REST APIs. Attackers can exploit it to perform actions that are not permitted without proper authorization.

TA hypothesis: End users with no privileged role on the site are able to bypass the authorization filter and exploit this issue to achieve remote code execution.

Vulnerable code

The vulnerable code is in the REST API and can be exploited by a malicious user to bypass authentication. To exploit this issue, a user must be tricked into accessing the vulnerable resource, typically by being enticed through a marketing email or social media post.

TA hypothesis: Due to the nature of the REST API, this vulnerability can be exploited by anyone with sufficient privileges on the site. This leads to remote code execution by any user with the necessary privileges.

There are many ways an attacker can maintain access after initial exploitation; for example, attackers often change their behaviour to avoid detection.

Timeline

Published on: 06/02/2022 14:15:00 UTC
Last modified on: 06/09/2022 18:59:00 UTC
