CodeCanyon Mentor LMS CORS Misconfiguration Vulnerability

A Cross-Origin Resource Sharing (CORS) vulnerability has been identified in CodeCanyon's Mentor Learning Management System, specifically in versions through 1.1.1. The issue arises because the server's CORS configuration does not adequately restrict access to trusted origins. This flaw allows any external domain to make requests to the API, potentially leading to unauthorized data access, information disclosure, and further exploitation. The vulnerability affects all URLs within the product.

Impact

Exploitation of this vulnerability could result in a permissive cross-domain policy, allowing untrusted domains to access the API and potentially misuse session cookies. This could lead to unauthorized access to sensitive information, such as AWS keys, and facilitate additional attacks.

Reproduction

To reproduce this vulnerability, log into the affected application as an admin. Once logged in, send a request to the API with an arbitrary Origin header. The server will respond as if the request came from a trusted domain, allowing cross-origin requests to be processed with the same credentials as the logged-in user.