Critical

lunary

Cross-Organization Dataset Prompt Manipulation Vulnerability

A vulnerability in version 1.2.13 of the software allows users to manipulate dataset prompts belonging to other organizations without proper authorization. It enables unauthorized creation, update, deletion, and retrieval of dataset prompt information. The flaw lies in the software's handling of project IDs and prompt variation IDs, which were not validated against the requesting user's organization. It was patched in the subsequent release.

Available publicly on Jun 09 2024

9.3

CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

Credit: acciobugs

Threat Overview

The vulnerability stems from insufficient access control mechanisms within the software's API endpoints for managing dataset prompts and their variations. Specifically, the software fails to validate whether the user attempting to create, update, delete, or retrieve a dataset prompt or its variations has the appropriate organizational permissions. By manipulating the request parameters, such as removing the projectId value, an attacker can bypass the intended access controls. This flaw exposes datasets to unauthorized modifications, potentially compromising data integrity and confidentiality across different organizations.

Attack Scenario

An attacker, logged in as a user from Organization B, intercepts a request intended to modify a dataset prompt belonging to Organization A. By removing the projectId parameter from the request or manipulating the prompt variation ID, the attacker can successfully execute the request, altering the dataset prompt without authorization. This unauthorized access can lead to data corruption, unauthorized data exposure, or loss of data integrity within the victim organization's datasets.
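The following is an added illustration of the flaw class described in the Threat Overview and Attack Scenario above; it is not lunary's code and does not reproduce its API. It models a prompt-variation update endpoint in two forms: a vulnerable handler that only applies the organization check when the client happens to send projectId, and a hardened handler that derives the owning organization from the stored record and ignores client-supplied values for authorization. All type names, store contents and identifiers (org-a, proj-a, var-a1 and so on) are constructed for the example.

```typescript
// Added example, not lunary's own code. Models the authorization flaw the
// advisory describes and a corrected version of the same endpoint.
// All names, tables and sample rows below are constructed.

type Project = { id: string; orgId: string };
type Dataset = { id: string; projectId: string };
type PromptVariation = { id: string; datasetId: string; content: string };
type User = { id: string; orgId: string };

// Constructed in-memory store with two organizations, each owning one project,
// one dataset and one prompt variation.
const projects: Project[] = [
  { id: "proj-a", orgId: "org-a" },
  { id: "proj-b", orgId: "org-b" },
];
const datasets: Dataset[] = [
  { id: "ds-a", projectId: "proj-a" },
  { id: "ds-b", projectId: "proj-b" },
];
const variations: PromptVariation[] = [
  { id: "var-a1", datasetId: "ds-a", content: "Summarize: {{input}}" },
  { id: "var-b1", datasetId: "ds-b", content: "Translate: {{input}}" },
];

type UpdateRequest = { variationId: string; projectId?: string; content: string };
type Result = { status: number; content?: string };

// Vulnerable pattern: the organization check runs only when the client sends
// projectId. Omitting the field skips the check, and the variation is then
// located and modified by its id alone, whichever organization owns it.
function updateVariationVulnerable(user: User, req: UpdateRequest): Result {
  if (req.projectId !== undefined) {
    const project = projects.find((p) => p.id === req.projectId);
    if (!project || project.orgId !== user.orgId) return { status: 403 };
  }
  const v = variations.find((x) => x.id === req.variationId);
  if (!v) return { status: 404 };
  v.content = req.content;
  return { status: 200, content: v.content };
}

// Hardened pattern: resolve the owning organization server-side
// (variation -> dataset -> project -> org) and compare it with the caller's
// organization on every request. A client-supplied projectId is never used
// for authorization; at most it must agree with the derived project.
function updateVariationSecure(user: User, req: UpdateRequest): Result {
  const v = variations.find((x) => x.id === req.variationId);
  const ds = v && datasets.find((d) => d.id === v.datasetId);
  const project = ds && projects.find((p) => p.id === ds.projectId);
  // Same response for "does not exist" and "not yours", so record ids from
  // other organizations cannot be confirmed through status differences.
  if (!v || !ds || !project || project.orgId !== user.orgId) return { status: 404 };
  if (req.projectId !== undefined && req.projectId !== project.id) return { status: 404 };
  v.content = req.content;
  return { status: 200, content: v.content };
}

// Read back the stored content so the effect of each handler can be checked.
function getVariationContent(id: string): string | undefined {
  return variations.find((x) => x.id === id)?.content;
}

// Reproduces the advisory's scenario: a user from organization B sends an
// update for a variation owned by organization A with projectId omitted.
function crossOrgAttempt(secure: boolean): Result {
  const userB: User = { id: "u-b", orgId: "org-b" };
  const req: UpdateRequest = { variationId: "var-a1", content: "tampered" };
  return secure ? updateVariationSecure(userB, req) : updateVariationVulnerable(userB, req);
}
```

The decisive difference is where the organization comes from: the vulnerable handler asks the request, the hardened one asks the database. Any check whose presence depends on an optional request field can be switched off by leaving that field out, which is exactly the bypass the advisory describes for projectId. Returning the same status for unknown and foreign records also avoids turning the endpoint into an oracle for other organizations' variation ids.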

Who is affected

Organizations using the affected version of the software are at risk. Specifically, datasets owned by these organizations can be manipulated by unauthorized users from other organizations, leading to potential data integrity, confidentiality, and availability issues.

Technical Report