[#14506] - Improper Authorization

Category: Bug report
Priority: Immediate
Status: New
Project:
Severity: Critical
Resolution: Not Fixable
Component:
Reproducibility: Always
Assigned to:

There are multiple endpoints in the application that are vulnerable.

1. A user with the least privileges who has access to the endpoint is able to change cloud and OLAP configuration parameters.
2. Any user has access to internal paths that should be reachable only by an admin user.

Assuming a user with a given identity, authorization is the process of determining whether that user can access a given resource, based on the user's privileges and any permissions or other access-control specifications that apply to the resource.

When access control checks are not applied consistently - or not at all - users are able to access data or perform actions that they should not be allowed to perform. This can lead to a wide range of problems, including information exposures, denial of service, and arbitrary code execution.

A more specific test would be to check whether any given user is able to access other users' resources. Users should only be able to access functions, data files, URLs, controllers, services, and other resources for which they possess specific authorization. This implies protection against spoofing and elevation of privilege.

Attachment: jasper_bug.png (319.34 KB)
Reported by: ramyakrishna.chilukala (joined Oct 3 2022)
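As an added illustration of the two findings in the report (this is not code from the reported application, nor from the reporter), the following Python sketch shows a deny-by-default dispatcher: the configuration endpoint is guarded by a role check (the vertical case), a per-user report is guarded by an ownership check that reads the owner from the store rather than from the request (the horizontal "other users' resources" case), and an endpoint whose policy was never declared is refused rather than silently allowed. The unguarded `vulnerable_update_config` is kept beside the guarded version to show the shape of the bug. Endpoint paths, role names, the stores and the sample users are all assumed for illustration.

```python
"""Deny-by-default authorization for a small set of endpoints.

Hypothetical example. Paths, role names, the config/report stores and the
sample users are constructed for illustration, not taken from any product.
"""
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple


@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset


class Forbidden(Exception):
    """Caller is not authorized for the endpoint (or the resource)."""


class NotFound(Exception):
    """Unknown endpoint."""


# Constructed sample stores.
CONFIG: Dict[str, str] = {"cloud.region": "us-east-1", "olap.cache_mb": "256"}
REPORTS: Dict[str, Dict[str, str]] = {
    "r1": {"owner": "alice", "title": "Q1 sales"},
    "r2": {"owner": "bob", "title": "Payroll"},
}

Params = Dict[str, str]
Policy = Callable[[User, Params], bool]
Handler = Callable[[User, Params], object]

# path -> (handler, policy). A policy of None means "never declared"; the
# dispatcher treats that as closed instead of open.
ROUTES: Dict[str, Tuple[Handler, Optional[Policy]]] = {}


def route(path: str, policy: Optional[Policy]):
    """Register a handler together with the check that guards it."""
    def register(fn: Handler) -> Handler:
        ROUTES[path] = (fn, policy)
        return fn
    return register


def has_role(*names: str) -> Policy:
    """Vertical check: the caller must hold one of the named roles."""
    wanted = frozenset(names)
    return lambda user, params: bool(user.roles & wanted)


def owns_report_or(*names: str) -> Policy:
    """Horizontal check: the caller owns the requested report (owner is read
    from the store, never trusted from the request) or holds a named role."""
    wanted = frozenset(names)

    def check(user: User, params: Params) -> bool:
        report = REPORTS.get(params.get("id", ""))
        if report is None:
            return False  # unknown id: deny, the handler never runs
        return report["owner"] == user.name or bool(user.roles & wanted)
    return check


# The shape of the reported bug: a config endpoint with no check at all.
def vulnerable_update_config(user: User, params: Params) -> Dict[str, str]:
    CONFIG.update(params)  # any caller, any role
    return dict(CONFIG)


@route("/admin/config", policy=has_role("ROLE_ADMINISTRATOR"))
def update_config(user: User, params: Params) -> Dict[str, str]:
    CONFIG.update(params)
    return dict(CONFIG)


@route("/reports/view", policy=owns_report_or("ROLE_ADMINISTRATOR"))
def view_report(user: User, params: Params) -> Dict[str, str]:
    return dict(REPORTS[params["id"]])


@route("/admin/diagnostics", policy=None)  # policy forgotten: still closed
def diagnostics(user: User, params: Params) -> str:
    return "internal state"


def dispatch(path: str, user: User, params: Params) -> object:
    """Single choke point: every request passes the endpoint's policy first."""
    if path not in ROUTES:
        raise NotFound(path)
    handler, policy = ROUTES[path]
    if policy is None or not policy(user, params):
        raise Forbidden(f"{user.name} -> {path}")
    return handler(user, params)


def probe(path: str, user: User, params: Params) -> str:
    """'allowed' or 'denied' for one (path, user) pair."""
    try:
        dispatch(path, user, params)
        return "allowed"
    except Forbidden:
        return "denied"


ADMIN = User("admin", frozenset({"ROLE_ADMINISTRATOR"}))
ALICE = User("alice", frozenset({"ROLE_USER"}))
BOB = User("bob", frozenset({"ROLE_USER"}))


def access_matrix() -> Dict[Tuple[str, str], str]:
    """Probe every registered endpoint as each sample user, so a missing or
    inconsistent check shows up as an unexpected 'allowed' cell."""
    cases = {
        "/admin/config": {"olap.cache_mb": "4096"},
        "/reports/view": {"id": "r1"},
        "/admin/diagnostics": {},
    }
    return {(path, u.name): probe(path, u, params)
            for path, params in cases.items() for u in (ADMIN, ALICE, BOB)}


if __name__ == "__main__":
    for (path, who), verdict in sorted(access_matrix().items()):
        print(f"{verdict:8} {who:6} {path}")
```

The matrix is the point: rather than testing one endpoint at a time, enumerate every registered path as every role and compare the result against the intended policy, which is how an "applied inconsistently" finding like this one is caught before release.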