LibreTime Broken Access Control Vulnerability in Analytics Endpoints

Vulnerability

A broken access control vulnerability has been identified in LibreTime versions through 3.0.0-alpha.10. This issue allows users with the DJ role to access station-wide analytics data via the Web UI and direct API calls. The backend fails to enforce role-based permissions for analytics endpoints, leading to unauthorized information disclosure to less privileged users.

Impact

Exploitation of this vulnerability allows unauthorized access to analytics data, which could be misused to gain insights into station performance or listener metrics that are not intended for the DJ role.

Reproduction

The vulnerability can be reproduced by logging into LibreTime with a DJ account. Once logged in, access the analytics data through the Web UI or by making direct API calls to the analytics endpoints. The data retrieved will include station-wide metrics, which should not be accessible to users with the DJ role.
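The defect described above (authentication is checked, but the role is not) and the reproduction check, as an added illustration that is not LibreTime's own code: the role names, the rank ordering, the endpoint path and the sample metrics are assumptions, and the weak handler sits beside a hardened one that enforces the role server-side so that direct API calls are covered as well as the Web UI.

```python
"""Hypothetical role check for a station-wide analytics endpoint.

Not LibreTime's implementation: role names, ranks, the endpoint path and
the sample metrics below are constructed for this example.
"""
from __future__ import annotations
from dataclasses import dataclass
from typing import Callable, Dict, Optional

# Constructed role model: a higher rank means more privilege.
ROLE_RANK = {"guest": 0, "dj": 1, "program_manager": 2, "admin": 3}

# Constructed sample of station-wide metrics that only station staff should see.
STATION_ANALYTICS = {"listeners_peak": 1200, "listener_hours": 8400.5}

@dataclass
class Request:
    path: str
    user: Optional[str]  # None means no session / not logged in
    role: str = "guest"

class Unauthorized(Exception):
    """No valid session."""

class Forbidden(Exception):
    """Valid session, but the role is not allowed to read this resource."""

def analytics_vulnerable(req: Request) -> dict:
    """Weak form: only checks that a session exists and never checks the role,
    so a DJ receives the same station-wide data as an admin."""
    if req.user is None:
        raise Unauthorized("login required")
    return dict(STATION_ANALYTICS)

def analytics_fixed(req: Request, minimum_role: str = "program_manager") -> dict:
    """Hardened form: authentication AND a server-side role check. Because
    the check lives in the handler, hiding the link in the UI is not relied on."""
    if req.user is None:
        raise Unauthorized("login required")
    if ROLE_RANK.get(req.role, -1) < ROLE_RANK[minimum_role]:
        raise Forbidden(f"role {req.role!r} may not read {req.path}")
    return dict(STATION_ANALYTICS)

def access_matrix(handler: Callable[[Request], dict]) -> Dict[str, bool]:
    """Regression check: for each role, can a logged-in user of that role read
    the endpoint through `handler`? Run it against both handlers to confirm
    that the fix closes the DJ gap without locking out station staff."""
    result: Dict[str, bool] = {}
    for role in ROLE_RANK:
        req = Request(path="/analytics", user=f"{role}-user", role=role)  # assumed path
        try:
            handler(req)
            result[role] = True
        except (Unauthorized, Forbidden):
            result[role] = False
    return result
```

Running `access_matrix` against the weak handler reports every logged-in role as able to read the data; against the hardened handler, only program managers and admins can.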

Added: Oct 21, 2025, 6:18 PM
Updated: Oct 21, 2025, 7:41 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 6.6
remediation: 0.0
relevance: 0.8
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.