Casdoor Authorization Bypass Vulnerability in SCIM User Creation Endpoint

A critical authorization bypass vulnerability has been identified in Casdoor versions through 1.811.0. This issue resides in the SCIM User Creation Endpoint, specifically within the HandleScim function of the controllers/scim.go file. The vulnerability allows remote attackers to create admin accounts without authentication, as the endpoint lacks proper authorization middleware. Exploitation involves sending a POST request to the /scim/Users endpoint with user details, which are then processed without verifying the requester's admin status.

Impact

Exploitation of this vulnerability allows for unauthorized creation of admin accounts, potentially leading to unauthorized access and actions within the application.

Reproduction

To reproduce this vulnerability, send a POST request to the /scim/Users endpoint with a payload that includes user details such as display name, email, and password. The absence of authentication middleware will result in the creation of a SCIM user, which is linked to a local user account.

Remediation

Users are advised to upgrade to Casdoor version 1.812.0, which addresses this vulnerability.