FairSketch Rise CRM Insecure Permissions Vulnerability

Vulnerability

A vulnerability exists in FairSketch Rise Ultimate Project Manager & CRM version 3.9.4 that allows remote authenticated users to exploit insecure permissions. Because the ticketing and commenting API performs inadequate authorization checks, a user can append comments or upload attachments to tickets for which they hold neither view nor edit rights.

Impact

Exploitation of this vulnerability lets standard users post on support tickets they are not permitted to see or modify, and potentially mislead other users by appearing to act in an administrative or helpdesk role.

Reproduction

To reproduce this vulnerability, a standard user sends a POST request to the '/tickets/save_comment' endpoint with a 'ticket_id' parameter that refers to a ticket not assigned to them. Intercepting the request and changing the 'ticket_id' value is enough for the comment to be added to another user's ticket.
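As an added illustration (not Rise CRM's own code, which is PHP; the handlers, access rule and sample data below are constructed for this page), a minimal Python model of the flaw: a comment handler that trusts the submitted ticket_id, beside one that checks the caller's view/edit rights on the ticket before writing.

```python
from dataclasses import dataclass, field

@dataclass
class Ticket:
    ticket_id: int
    created_by: int        # user who opened the ticket
    assigned_to: int       # staff member handling it
    comments: list = field(default_factory=list)

@dataclass
class User:
    user_id: int
    is_admin: bool = False

def can_access_ticket(user: User, ticket: Ticket) -> bool:
    # Constructed rule set (assumption): admins, the ticket creator and the
    # assigned staff member hold view/edit rights; everyone else does not.
    return user.is_admin or user.user_id in (ticket.created_by, ticket.assigned_to)

def save_comment_vulnerable(tickets: dict, user: User, form: dict) -> bool:
    # Mirrors the reported flaw: the client-supplied ticket_id is trusted and the
    # comment is written without checking the caller's rights on that ticket.
    ticket = tickets[int(form["ticket_id"])]
    ticket.comments.append(f"user{user.user_id}: {form['description']}")
    return True

def save_comment_fixed(tickets: dict, user: User, form: dict) -> bool:
    # Hardened handler: resolve the ticket, enforce authorization, then write.
    # Unknown and forbidden ids are rejected identically, revealing nothing.
    ticket = tickets.get(int(form["ticket_id"]))
    if ticket is None or not can_access_ticket(user, ticket):
        raise PermissionError("caller may not comment on this ticket")
    ticket.comments.append(f"user{user.user_id}: {form['description']}")
    return True

def demo() -> dict:
    # Constructed scenario: user 7 opened ticket 1, ticket 2 belongs to user 9,
    # and user 7 submits a form whose ticket_id was changed to point at ticket 2.
    tickets = {1: Ticket(1, created_by=7, assigned_to=3),
               2: Ticket(2, created_by=9, assigned_to=3)}
    caller = User(user_id=7)
    tampered = {"ticket_id": "2", "description": "status update"}
    vulnerable_accepted = save_comment_vulnerable(tickets, caller, tampered)
    try:
        fixed_accepted = save_comment_fixed(tickets, caller, tampered)
    except PermissionError:
        fixed_accepted = False
    return {"vulnerable_accepted": vulnerable_accepted,
            "fixed_accepted": fixed_accepted,
            "ticket2_comments": len(tickets[2].comments)}
```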

Added: Nov 3, 2025, 9:23 PM
Updated: Nov 3, 2025, 9:23 PM

Vulnerability Rating

Custom Algorithm

spread: 0.8
impact: 0.6
exploitability: 6.2
remediation: 0.0
relevance: 0.9
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.