Rallly Insecure Direct Object Reference Vulnerability in Poll Participant Rename Function

Vulnerability

An Insecure Direct Object Reference (IDOR) vulnerability has been identified in Rallly, an open-source scheduling and collaboration tool, prior to version 4.5.4. This vulnerability allows any authenticated user to change the display names of other participants in polls, without needing admin rights or being the poll owner. By manipulating the participantId parameter in a rename request, an attacker can alter another user's name, potentially leading to impersonation attacks and confusion among participants.

Impact

Exploitation of this vulnerability allows unauthorized users to change the names of other poll participants, leading to potential impersonation, confusion, and tampering with poll data.

Reproduction

To reproduce this vulnerability, an authenticated user must intercept a rename request intended for their own participant entry. This can be done using a proxy tool to capture and modify the request. The intercepted request can then be altered to target another user's participantId, effectively changing that user's display name in the poll.

Remediation

Users are advised to upgrade to Rallly version 4.5.4 or later, where this vulnerability has been patched.

Added: Nov 19, 2025, 6:16 PM
Updated: Nov 19, 2025, 7:19 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 6.2
remediation: 7.7
relevance: 1.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.