EasyVirt DCScope and CO2Scope Access Control Vulnerability Allowing Privilege Escalation
Vulnerability
A vulnerability exists in EasyVirt DCScope versions through 8.6.0 and CO2Scope versions through 1.3.0, where multiple incorrect access control issues allow remote authenticated attackers with low privileges to manipulate user and group data. Exploitation of this vulnerability could lead to unauthorized privilege escalation.
Impact
Exploitation allows a low-privileged user to modify group affiliations and permissions, create or alter user accounts, and access sensitive information from other users, such as emails and role memberships, facilitating a rise in privileges.
Reproduction
To reproduce this vulnerability, an authenticated user with low privileges can send a request to the '/api/user/updatealias' route to modify their own group and permissions. This request must include an authorization token and specify the new group name and permissions in the request body. Once the group is modified, the user can create or change other user accounts and access data from different users, including their emails and role memberships.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.