Schule Open-Source School Management System Client-Side Role-Based Access Control Bypass Vulnerability

Vulnerability

A client-side role-based access control (RBAC) bypass vulnerability has been identified in the Schule open-source school management system, specifically in version 1.0.0. The issue arises because the application relies on client-side JavaScript to determine user roles and redirect users to the corresponding panels. This approach is flawed because the application trusts the 'data.role' value supplied by the client, so an attacker can manipulate it (for example, changing the role to 'admin') and gain unauthorized access to restricted areas.

Impact

Exploitation of this vulnerability allows unauthorized users to access restricted areas of the application, potentially leading to unauthorized actions or data exposure.

Reproduction

To reproduce this vulnerability, intercept the application's API responses or use browser developer tools to modify the 'data.role' value. Set it to an arbitrary role, such as 'admin', and the application will grant access to the admin panel, bypassing the intended role-based access controls.

Remediation

Users can update to version 1.0.1 or later, where this vulnerability has been patched.
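As an added example (not Schule's code), the flawed client-side redirect pattern described above is shown next to a server-side check that takes the role from a session record rather than from anything the client sends. The session store, session ids, panel names and function names are constructed for illustration.

```javascript
// Added example, not Schule's code. Server-side role enforcement in Node.js.
// Constructed session store: session id -> authoritative user record.
// The role lives here, on the server, never in a client-editable value.
const sessionStore = new Map([
  ["sess-teacher-1", { userId: 42, role: "teacher" }],
  ["sess-admin-1", { userId: 1, role: "admin" }],
]);

// Which roles may open which panel (constructed policy).
const PANEL_ROLES = {
  admin: new Set(["admin"]),
  teacher: new Set(["admin", "teacher"]),
  student: new Set(["admin", "teacher", "student"]),
};

// Flawed pattern from the advisory: the redirect decision trusts data.role,
// a value the client controls. It is shown only to contrast with the fix below.
function clientSideRedirect(data) {
  return data.role === "admin" ? "/admin-panel" : "/user-panel";
}

// Server-side check: the role is looked up from the session cookie and any
// role claimed in the request body is ignored. Returns an HTTP-style result.
function authorizePanel(request, panel) {
  const session = sessionStore.get(request.cookies && request.cookies.sid);
  if (!session) {
    return { status: 401, body: "not authenticated" };
  }
  const allowed = PANEL_ROLES[panel];
  if (!allowed || !allowed.has(session.role)) {
    // A claimed role that differs from the real one is a tampering signal
    // worth logging and alerting on.
    const claimed = request.body ? request.body.role : undefined;
    return { status: 403, body: "forbidden", claimedRole: claimed, actualRole: session.role };
  }
  return { status: 200, body: `${panel} panel for user ${session.userId}` };
}

module.exports = { clientSideRedirect, authorizePanel };
```

Running `authorizePanel` with a teacher session that claims `role: "admin"` in the body yields 403 with both roles recorded, while the same session is still granted the teacher panel.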

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 8.4
remediation: 7.7
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.