brcc Access Control Vulnerability in Admin API

Vulnerability

An authentication bypass vulnerability has been identified in brcc version 1.2.0. It stems from incorrect access control in the admin API: a crafted request can bypass the authentication requirement. The root cause lies in the user authentication filter, which parses the request URI improperly, allowing an attacker to obtain admin rights without a valid token.

Impact

Exploitation of this vulnerability grants unauthorized admin rights, enabling an attacker to interact with the admin API and potentially access or manipulate sensitive information and functionality reserved for administrators.

Reproduction

To reproduce this vulnerability, configure the application's context path to '/v2' and ensure that this path is listed in the noAuths array, the list of paths that may be accessed without authentication. Once these conditions are met, a request to '/v2/admin/queryUser' bypasses authentication and returns private user information to the requester.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 7.6
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.