Improper Access Control Allowing Unauthorized Project and User Manipulation
In version 1.2.4, the backend does not validate that the project and user identifiers supplied in a request belong to the caller's organization, so users with team management permissions can manipulate project and user assignments across different organizations. This issue was patched in a subsequent release.
Available publicly on Jun 07 2024
Remediation Steps
- Validate project identifiers against the current user's organization in the backend.
- Ensure that both the user and the project identifiers are checked against the caller's organization before any change is made.
- Update to the latest patched version where these validations are correctly implemented.
- Review and audit logs for any unauthorized changes made using this vulnerability.
- Implement additional security measures to monitor and restrict unauthorized access attempts.
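The following is an added example, not code from the advisory or from the affected product. It shows the server-side check the remediation steps call for (both the project and the target user are validated against the caller's organization before anything is changed) and a small audit-log pass that flags past cross-organization assignments of the kind step four asks reviewers to look for. The data model, function names, directory entries and log lines are all constructed for illustration.

```python
"""Added example, not code from the advisory or the affected product.
Demonstrates (1) validating project and user identifiers against the
caller's organization before an assignment change and (2) scanning
constructed audit records for cross-organization changes."""
import json
from dataclasses import dataclass, field


@dataclass
class User:
    user_id: str
    org_id: str
    can_manage_team: bool = False


@dataclass
class Project:
    project_id: str
    org_id: str
    members: set = field(default_factory=set)


# Constructed directory: two organizations, one project and one user each.
USERS = {
    "alice": User("alice", "org-A", can_manage_team=True),
    "bob": User("bob", "org-B"),
}
PROJECTS = {
    "proj-1": Project("proj-1", "org-A"),
    "proj-2": Project("proj-2", "org-B"),
}


def authorize_assignment(caller_id, user_id, project_id):
    """Return None if the caller may assign user_id to project_id, else a
    reason string. Checking only the permission is what the vulnerable
    behaviour amounts to; the two organization checks are the backend
    validation the advisory says was missing. Unknown and foreign
    identifiers fail identically so the reply does not reveal whether
    another organization's project or user exists."""
    caller = USERS[caller_id]  # caller is already authenticated
    if not caller.can_manage_team:
        return "caller lacks team management permission"
    project = PROJECTS.get(project_id)
    if project is None or project.org_id != caller.org_id:
        return "project not found in caller's organization"
    target = USERS.get(user_id)
    if target is None or target.org_id != caller.org_id:
        return "user not found in caller's organization"
    return None


def assign_user(caller_id, user_id, project_id):
    """Perform the assignment only after authorize_assignment passes."""
    reason = authorize_assignment(caller_id, user_id, project_id)
    if reason is not None:
        raise PermissionError(reason)
    PROJECTS[project_id].members.add(user_id)
    return sorted(PROJECTS[project_id].members)


# Constructed audit records in the JSON-lines shape a backend might emit.
AUDIT_LOG = """
{"ts": "2024-06-01T10:00:00Z", "actor": "alice", "action": "project.assign_user", "user": "alice", "project": "proj-1"}
{"ts": "2024-06-01T10:05:00Z", "actor": "alice", "action": "project.assign_user", "user": "bob", "project": "proj-2"}
{"ts": "2024-06-01T10:06:00Z", "actor": "alice", "action": "project.remove_user", "user": "bob", "project": "proj-1"}
""".strip()


def find_cross_org_changes(log_text):
    """Flag project membership changes where the project or the target user
    lies outside the actor's organization; no legitimate request produces
    such a record once the validation is in place. Returns the timestamps
    of flagged events, including records with unknown identifiers, which
    need manual review."""
    flagged = []
    for line in log_text.splitlines():
        rec = json.loads(line)
        if not rec["action"].startswith("project."):
            continue
        actor = USERS.get(rec["actor"])
        project = PROJECTS.get(rec["project"])
        target = USERS.get(rec["user"])
        if actor is None or project is None or target is None:
            flagged.append(rec["ts"])
            continue
        if project.org_id != actor.org_id or target.org_id != actor.org_id:
            flagged.append(rec["ts"])
    return flagged


if __name__ == "__main__":
    print(assign_user("alice", "alice", "proj-1"))
    print(authorize_assignment("alice", "bob", "proj-2"))
    print(find_cross_org_changes(AUDIT_LOG))
```

The check is deliberately a separate function from the mutation so that the same rule can be applied to every endpoint that accepts a project or user identifier, and the log scan reuses the same directory lookup, so the detection rule and the authorization rule cannot drift apart.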
Patch Details
- Fixed Version: N/A
- Patch Commit: N/A