Tuleap 16 est là ! Assistez à l'événement virtuel le 17 octobre à 10h30. Inscrivez-vous ici !

    •  
      request #33608 Preview of a linked artifact with a type does not respect permissions
    Infos
    #33608
    Thomas Gerbet (tgerbet)
    2023-08-21 08:45
    2023-07-25 15:08
    35206
    Details
    Preview of a linked artifact with a type does not respect permissions

    The preview of an artifact link with a type does not respect the project, tracker and artifact level permissions. The issue occurs on the artifact view (not reproducible on the artifact modal).

    Impact

    Users might get access to information they should not have access to. Only the title, status, assigned to and last update date fields as defined by the semantics are impacted. If those fields have strict permissions (e.g. the title is only visible to a specific user group) those permissions are still enforced.
    CVSSv3.1 score: 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

    Exploitation

    1. Have an artifact in a private project
    2. With a user that is not a member of this private project edit another artifact elsewhere. Edit an artifact links field, select a type and try to preview this link with an artifact in the private project.

    References

    CWE 200
    OWASP Top 10 Broken Access Control
    CVE-2023-38508

    Acknowledgement

    This security issue was reported by Aurélien TISNÉ from CS Group.

    Trackers
    All
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Thomas Gerbet (tgerbet)
    Closed
    2023-07-26
    Attachments
    Empty
    References

    Follow-ups

    User avatar
    Thomas Gerbet (tgerbet)2023-07-27 10:16

    CVE-2023-38508 has been assigned to this issue.


    • Original Submission
      Something went wrong, the follow up content couldn't be loaded
      Only formatting have been changed, you should switch to markup to see the changes
    User avatar
    Thomas Gerbet (tgerbet)2023-07-25 15:32
    • Original Submission
      Something went wrong, the follow up content couldn't be loaded
      Only formatting have been changed, you should switch to markup to see the changes
    User avatar
    Thomas Gerbet (tgerbet)2023-07-25 15:28

    A patch is under review: gerrit #29077.


    • Original Submission
      Something went wrong, the follow up content couldn't be loaded
      Only formatting have been changed, you should switch to markup to see the changes