rymcu forest
cpe:2.3:a:rymcu:forest:*:*:*:*:*:*:*
- <= v1.0
A critical missing authorization vulnerability has been identified in Rymcu Forest versions prior to de53ce79db9faa2efc4e79ce1077a302c42a1224. The issue resides in the UserDicController, specifically within the functions getAll, addDic, editDic, and deleteDic. This vulnerability allows any unauthenticated user to perform CRUD operations on the system-wide user dictionary, which is used for full-text search across the application. The lack of authorization checks can lead to unauthorized data manipulation and disruption of search functionalities.
Exploitation gives an unauthenticated attacker full control over the user dictionary: adding, editing, or deleting terms lets them manipulate or degrade full-text search results for every user, and flooding the dictionary with entries or deleting critical terms can produce denial-of-service conditions for the search feature.
To reproduce, send requests to the four UserDicController endpoints (getAll, addDic, editDic, deleteDic) with no session cookie or authentication token. Any HTTP client will do, such as Postman, curl, or a short script that issues the four calls in sequence. The endpoints are confirmed unprotected when the read call returns dictionary contents and the write calls return success rather than a 401 or 403 response; a subsequent getAll that reflects the added, edited, or deleted entry confirms that the write actually took effect.
To address this vulnerability, enforce authorization on all four affected endpoints. Because the dictionary is a system-wide resource, its management should be restricted to an authenticated caller with an administrative role, and the check must be performed server-side (in the controller or through a framework-level access rule on the route) rather than by hiding the functions in the UI, since the attacker calls the endpoints directly. Deployments should update to commit de53ce79db9faa2efc4e79ce1077a302c42a1224 or later, which introduces the missing checks.
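The following is an added illustration of the missing-authorization pattern and one way to close it; it is not code from rymcu forest or from the fixing commit. It assumes Spring MVC with Spring Security 6 method security; the UserDic type, UserDicService, route paths, and the ADMIN role name are hypothetical stand-ins chosen for the example.

```java
// Added example, not the project's code. Assumes Spring MVC + Spring Security 6
// method security. UserDic, UserDicService, paths and role name are hypothetical.
package example;

import java.util.List;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.PutMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

/** Hypothetical dictionary entry: one term consulted by full-text search. */
class UserDic {
    public Long id;
    public String dic;
}

/** Hypothetical persistence service; storage details are out of scope here. */
interface UserDicService {
    List<UserDic> findAll();
    UserDic save(UserDic dic);
    void deleteById(Long id);
}

/**
 * VULNERABLE shape: every handler is reachable by an anonymous client.
 * Nothing in the controller, and (by assumption) nothing in the security
 * configuration for this path, checks who the caller is, so anyone can
 * read, add, edit or delete the system-wide dictionary.
 */
@RestController
@RequestMapping("/api/v1/vulnerable/dic")
class UserDicControllerVulnerable {
    private final UserDicService service;

    UserDicControllerVulnerable(UserDicService service) { this.service = service; }

    @GetMapping("/all")
    List<UserDic> getAll() { return service.findAll(); }

    @PostMapping
    UserDic addDic(@RequestBody UserDic dic) { dic.id = null; return service.save(dic); }

    @PutMapping("/{id}")
    UserDic editDic(@PathVariable Long id, @RequestBody UserDic dic) { dic.id = id; return service.save(dic); }

    @DeleteMapping("/{id}")
    void deleteDic(@PathVariable Long id) { service.deleteById(id); }
}

/** Enables evaluation of @PreAuthorize on controller classes and methods. */
@Configuration
@EnableMethodSecurity
class MethodSecurityConfig {}

/**
 * HARDENED shape: the dictionary is a system-wide resource, so all four
 * operations require an authenticated caller holding the ADMIN role.
 * The class-level @PreAuthorize applies to every handler below and is
 * evaluated server-side before the method body runs; an anonymous request
 * is rejected by Spring Security (401 with the usual REST entry point) and
 * an authenticated non-admin receives 403, regardless of what the UI exposes.
 */
@RestController
@RequestMapping("/api/v1/admin/dic")
@PreAuthorize("hasRole('ADMIN')")
class UserDicControllerHardened {
    private final UserDicService service;

    UserDicControllerHardened(UserDicService service) { this.service = service; }

    @GetMapping("/all")
    List<UserDic> getAll() { return service.findAll(); }

    @PostMapping
    UserDic addDic(@RequestBody UserDic dic) { dic.id = null; return service.save(dic); }

    @PutMapping("/{id}")
    UserDic editDic(@PathVariable Long id, @RequestBody UserDic dic) { dic.id = id; return service.save(dic); }

    @DeleteMapping("/{id}")
    void deleteDic(@PathVariable Long id) { service.deleteById(id); }
}
```

A class-level annotation is used deliberately so that a handler added later cannot silently ship without a check. As a second layer, the same rule can be expressed on the route in the HttpSecurity configuration (for example `requestMatchers("/api/v1/admin/**").hasRole("ADMIN")`), so that a controller refactor that drops the annotation still leaves the path protected. If forest uses a different authentication mechanism than Spring Security method annotations, the same principle applies: the role check has to run on the server for each of the four endpoints before the dictionary is touched.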