Abnormal Security Privilege Downgrade Vulnerability in User Management API

Vulnerability

A broken access control vulnerability exists in the Abnormal Security API endpoint /v1.0/rbac/users_v2/{USER_ID}/ prior to 2025-02-19. The endpoint lets an authenticated user modify another user's role and permissions without verifying that the requester holds sufficient authority over the target user. As a result, a user with a lower administrative role, such as Portal Tenant Admin, can downgrade a user with a higher administrative role, such as Portal Global Admin, by sending a crafted PUT request to the endpoint.

Impact

Exploitation of this vulnerability allows unauthorized privilege downgrading: an authenticated user with a lower administrative role can reduce the role, and with it the permissions, of a more privileged user. The attacker must already hold an account that can reach the user management API; this is an authorization flaw in the endpoint, not an authentication bypass.

Reproduction

To reproduce this vulnerability, authenticate as a user with a lower administrative role (for example Portal Tenant Admin) and send a PUT request to /v1.0/rbac/users_v2/{USER_ID}/, where {USER_ID} identifies a user with a higher administrative role (for example Portal Global Admin). The request body specifies the lower role to assign. A vulnerable deployment applies the change without checking that the requester outranks the target; the date given above (2025-02-19) is the reference point for determining whether a deployment is still affected.
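The following is an added model of the missing check, not Abnormal Security's code. Only the endpoint path and the role names Portal Tenant Admin and Portal Global Admin come from the advisory; the numeric ranking, the extra placeholder role, the in-memory user store and the function names are assumptions made for this demonstration. It shows the vulnerable handler (authenticated, but no comparison of requester and target roles) beside a hardened one that refuses both downgrading a superior and granting a role above the requester's own.

```python
"""Model of the authorization gap behind the role-downgrade bug.

Added example, not Abnormal Security's code. Only the endpoint path and the
role names "Portal Tenant Admin" / "Portal Global Admin" come from the
advisory; the numeric ranking, the extra role, the in-memory store and all
function names are assumptions made for this demonstration.
"""
from dataclasses import dataclass

# Assumed privilege ranking: higher number = more privilege.
ROLE_RANK = {
    "Portal Read Only": 10,        # placeholder role, not from the advisory
    "Portal Tenant Admin": 50,
    "Portal Global Admin": 100,
}


@dataclass
class User:
    user_id: str
    role: str


def make_sample_users():
    """Constructed sample tenant: one global admin, one tenant admin, one reader."""
    return {
        "u-global": User("u-global", "Portal Global Admin"),
        "u-tenant": User("u-tenant", "Portal Tenant Admin"),
        "u-reader": User("u-reader", "Portal Read Only"),
    }


def _validate(requester_id, user_id, body, users):
    """Shared input checks; returns an error response tuple or None."""
    if requester_id not in users:
        return 401, {"error": "unauthenticated"}
    if user_id not in users:
        return 404, {"error": "no such user"}
    if body.get("role") not in ROLE_RANK:
        return 400, {"error": "unknown role"}
    return None


def put_user_role_vulnerable(requester_id, user_id, body, users):
    """PUT /v1.0/rbac/users_v2/{USER_ID}/ as the advisory describes it:
    the caller is authenticated, but nothing compares the caller's role with
    the target's, so a Tenant Admin can downgrade a Global Admin."""
    err = _validate(requester_id, user_id, body, users)
    if err:
        return err
    users[user_id].role = body["role"]
    return 200, {"user_id": user_id, "role": users[user_id].role}


def can_change_role(requester_role, target_current_role, new_role):
    """Authority rule (assumed): the requester must rank at least as high as the
    target's current role (blocks downgrading a superior) AND at least as high
    as the role being assigned (blocks granting more than the requester holds).
    Equality is allowed so a Global Admin can still manage peer Global Admins."""
    r = ROLE_RANK[requester_role]
    return r >= ROLE_RANK[target_current_role] and r >= ROLE_RANK[new_role]


def put_user_role_fixed(requester_id, user_id, body, users):
    """Same handler with the missing check; denies before touching any state."""
    err = _validate(requester_id, user_id, body, users)
    if err:
        return err
    requester, target = users[requester_id], users[user_id]
    if not can_change_role(requester.role, target.role, body["role"]):
        return 403, {"error": "insufficient role to perform this change"}
    target.role = body["role"]
    return 200, {"user_id": user_id, "role": target.role}


if __name__ == "__main__":
    downgrade = {"role": "Portal Tenant Admin"}
    # Tenant Admin targets the Global Admin: succeeds against the vulnerable handler...
    print(put_user_role_vulnerable("u-tenant", "u-global", downgrade, make_sample_users()))
    # ...and is refused by the fixed one.
    print(put_user_role_fixed("u-tenant", "u-global", downgrade, make_sample_users()))
```

The check is deliberately placed after input validation but before any write, and it compares the requester against both the target's current role and the requested role; checking only one of the two leaves either the downgrade path or the escalation path open.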

Added: Jul 25, 2025, 8:21 PM
Updated: Jul 25, 2025, 8:21 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 6.6
remediation: 0.0
relevance: 0.3
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.