Control iD RH iD Resource Injection Vulnerability in PDF Document Handler

A resource injection vulnerability has been identified in Control iD RH iD version 25.2.25.0. This issue arises in the PDF Document Handler component, specifically within the file '/v2/report.svc/comprovante_marcacao/?companyId=1'. The vulnerability is triggered by manipulating the 'nsr' parameter, leading to improper control of resource identifiers. This flaw allows unauthorized access to sensitive PDF documents of employees by modifying the 'nsr' value, with the attack being executable remotely.

Impact

Exploitation of this vulnerability enables unauthorized users to access and download sensitive PDF documents related to employees, exposing confidential information such as work schedules and attendance records.

Reproduction

To reproduce this vulnerability, access the endpoint '/v2/report.svc/comprovante_marcacao/?companyId=1&nsr=8511'. Then, modify the 'nsr' parameter to a different value corresponding to another employee's ID. The response will include a PDF file related to the employee associated with the new 'nsr' value, potentially revealing sensitive information.