Ketr JEPaaS Improper Authorization Vulnerability Leading to Vertical Privilege Escalation
Vulnerability
A vertical privilege escalation vulnerability has been identified in Ketr JEPaaS versions through 7.2.8. The issue arises in the file '/je/load', where the 'Authorization' argument can be manipulated, leading to improper authorization. This vulnerability can be exploited remotely and has been publicly disclosed.
Impact
Exploitation of this vulnerability allows unauthorized users to access verification codes associated with any mobile phone number. This access can be used to log into accounts belonging to other users, effectively bypassing normal authorization controls.
Reproduction
To reproduce this vulnerability, log in with a low-privilege account that has only basic access rights. Once logged in, capture that session's 'Authorization' header value. Then send a request to the '/je/load' endpoint carrying the manipulated 'Authorization' value together with the other headers the application expects, such as 'User-Agent', 'Content-Type', and 'X-Requested-With'. The response to that request contains data that can be used to access verification codes for other accounts.
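The following is an added illustration of the flaw described above, not code from JEPaaS: a minimal model of a '/je/load'-style handler that trusts a caller-supplied 'Authorization' value without binding the requested phone number to the authenticated session, beside a hardened version that does. The session store, code store, tokens and phone numbers are all constructed for the example; the real product's internal logic is not shown on this page.

```python
# Constructed server state: valid session tokens -> authenticated principal.
SESSIONS = {
    "tok-lowpriv": {"user": "lowpriv", "phone": "+15550000001", "role": "user"},
}

# Constructed store of pending SMS verification codes, keyed by phone number.
VERIFICATION_CODES = {
    "+15550000001": "482193",  # belongs to 'lowpriv'
    "+15550000009": "771002",  # belongs to some other account
}


def load_vulnerable(headers, params):
    """Weak pattern (hypothetical): the presence of an 'Authorization' value is
    treated as proof of entitlement, and the phone number in the request is
    never checked against the caller's own identity."""
    if "Authorization" not in headers:
        return 401, None
    phone = params.get("phone")
    # Improper authorization: any caller that passes the first check can read
    # the verification code pending for ANY phone number.
    return 200, {"code": VERIFICATION_CODES.get(phone)}


def load_hardened(headers, params):
    """Corrected pattern: resolve the principal server-side from a validated
    session token, scope the lookup to that principal's own phone number, and
    never hand the code value itself back to the client."""
    token = headers.get("Authorization", "")
    session = SESSIONS.get(token)
    if session is None:
        return 401, None          # unknown or forged token
    phone = params.get("phone")
    if phone != session["phone"]:
        return 403, None          # object not owned by the caller
    # The client only learns whether a code is pending for its own number.
    return 200, {"pending": phone in VERIFICATION_CODES}
```

In the hardened handler a low-privilege session can no longer learn anything about another account's code, even with a valid token, because ownership of the requested object is enforced on the server rather than inferred from the request.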