Tag
#praisonai-platform
Understanding Insecure Direct Object Reference (IDOR) Vulnerability in praisonai-platform
This blog post explains the IDOR vulnerability in praisonai-platform, specifically in the label endpoints, and how it allows an attacker to edit, delete, and link labels across workspaces.
praisonai-platform Vulnerability Allows Workspace Takeover
A vulnerability in praisonai-platform allows any member to remove any other member, including the workspace owner, enabling a full workspace takeover.
Vertical Privilege Escalation in praisonai-platform via PATCH /workspaces/{id}/members/{user_id}
A critical vulnerability was discovered in praisonai-platform that allows any workspace member to promote themselves or others to owner via the PATCH /workspaces/{id}/members/{user_id} endpoint. The cause is insufficient role checks and improper use of the require_workspace_member dependency in the route.
Critical Vulnerability in praisonai-platform: Hardcoded JWT Signing Key Allows Token Forgery
A critical vulnerability in praisonai-platform allows attackers to forge JWT tokens for any user due to a hardcoded signing key.
Insecure Direct Object Reference in praisonai-platform Dependency Endpoints
praisonai-platform is vulnerable to an Insecure Direct Object Reference (IDOR) attack in its dependency endpoints. This vulnerability allows an attacker to create, read, and delete dependencies across different workspaces, leading to potential data integrity and confidentiality issues.