Radar Incorrect Access Control Vulnerability Allowing Authentication Bypass

Vulnerability

An authentication bypass vulnerability has been identified in Radar version 1.0.8. This issue allows attackers to access sensitive APIs without a token by exploiting incorrect access control in the application's authentication interceptor. The vulnerability arises because the interceptor's request URI handling can be manipulated to bypass authentication checks.

Impact

Exploitation of this vulnerability allows unauthorized access to sensitive APIs, potentially leading to exposure of confidential data or functionality.

Reproduction

To reproduce this vulnerability, send a request to the '/services/user/login/../../v1/datalist/1' endpoint. The authentication check will be bypassed, granting access to the data without a valid token.
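The check that fails here and a hardened form of it, as an added example that is not Radar's own code. It assumes the interceptor exempts the login path by prefix-matching the raw request URI; PUBLIC_PREFIXES and every function name are hypothetical.

```python
from typing import Optional
from urllib.parse import unquote

# Assumption: paths served without a token. Only the login path appears on the page.
PUBLIC_PREFIXES = ("/services/user/login",)


def naive_is_public(raw_uri: str) -> bool:
    """Weak form: prefix match on the URI exactly as the client sent it."""
    return raw_uri.startswith(PUBLIC_PREFIXES)


def canonical_path(raw_uri: str) -> Optional[str]:
    """Resolve dot segments the way a router would; None means reject."""
    path = unquote(raw_uri.split("?", 1)[0])
    # A '%' left after one decode means double encoding; ';' and '\' are
    # path tricks some servers interpret. Refuse rather than guess.
    if not path.startswith("/") or any(c in path for c in "%;\\"):
        return None
    resolved = []
    for segment in path.split("/"):
        if segment in ("", "."):
            continue
        if segment == "..":
            if not resolved:
                return None  # climbs above the root
            resolved.pop()
        else:
            resolved.append(segment)
    return "/" + "/".join(resolved)


def is_public(raw_uri: str) -> bool:
    """Hardened form: decide on the canonical path, matching whole segments."""
    path = canonical_path(raw_uri)
    if path is None:
        return False  # fail closed: unparseable paths need a token
    return any(path == p or path.startswith(p + "/") for p in PUBLIC_PREFIXES)


if __name__ == "__main__":
    reported = "/services/user/login/../../v1/datalist/1"  # path from the report
    print("naive check exempts it:", naive_is_public(reported))
    print("canonical path:", canonical_path(reported))
    print("hardened check exempts it:", is_public(reported))
```

The same decision should be made on the path the framework actually routes on, so the interceptor and the dispatcher never disagree about which handler a request reaches.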

Added: Aug 20, 2025, 9:20 PM
Updated: Aug 20, 2025, 9:20 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 7.6
remediation: 0.0
relevance: 0.4
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.