SKA security advisory: insufficient validation of group access rule edit privileges

Description

It was discovered that /groups/{group}/access_rules/{id} accepted POSTs from any authenticated user, allowing them to overwrite SSH authorized_keys options for all group members, regardless of whether they are in the specified group or not.

Vulnerability type

Privilege escalation and risk of access disruption.

Fix

This issue was fixed in commit aa71765.

Credits

This issue was identified, reported, and resolved by MegaManSec in #78.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

SKA security advisory: insufficient validation of group access rule edit privileges

Description

Vulnerability type

Fix

Credits

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Clone this wiki locally