RomM Insecure Direct Object Reference Vulnerability Allowing Access to Private Collections
Vulnerability
An insecure direct object reference (IDOR) vulnerability has been identified in RomM (ROM Manager) versions prior to 4.4.1 and 4.4.1-beta.2. It allows users to access the private collections and smart collections of other users by supplying those collections' IDs directly to the API. The affected endpoints neither verify ownership nor check the public/private status of a collection before returning its data: the 'is_public' flag that controls visibility is never validated in the endpoint logic.
Impact
Exploitation of this vulnerability allows unauthorized users to access private collection data, leading to a breach of privacy for the affected users.
Remediation
Update to RomM version 4.4.1 or 4.4.1-beta.2, where this vulnerability has been fixed.
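To make the missing check concrete, here is an added illustration (not RomM's code; the Collection fields, sample IDs and the NotFound class are assumptions for this example) of a collection lookup that relies on the ID alone, next to a hardened lookup that enforces the ownership and is_public rules the advisory says were absent:

```python
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass(frozen=True)
class Collection:
    id: int
    owner_id: int
    name: str
    is_public: bool          # the visibility flag the advisory says was not checked
    is_smart: bool = False   # smart collections follow the same access rule here


# Constructed sample data (hypothetical IDs and names, not RomM's schema).
COLLECTIONS: Dict[int, Collection] = {
    1: Collection(1, owner_id=10, name="alice-shared", is_public=True),
    2: Collection(2, owner_id=10, name="alice-private", is_public=False),
    3: Collection(3, owner_id=20, name="bob-smart", is_public=False, is_smart=True),
}


class NotFound(Exception):
    """Would map to an HTTP 404 in the web layer."""


def get_collection_unchecked(collection_id: int) -> Collection:
    """The pattern the advisory describes: the record is returned to whoever
    supplies its ID, with no ownership or is_public check."""
    if collection_id not in COLLECTIONS:
        raise NotFound(collection_id)
    return COLLECTIONS[collection_id]


def is_visible_to(requester_id: Optional[int], collection: Collection) -> bool:
    """Public collections are visible to everyone (anonymous callers are
    modelled as requester_id=None); private ones only to their owner."""
    return collection.is_public or (
        requester_id is not None and requester_id == collection.owner_id
    )


def get_collection(requester_id: Optional[int], collection_id: int) -> Collection:
    """Hardened lookup. A private collection the caller does not own is reported
    as missing rather than forbidden, so the endpoint does not confirm which IDs
    exist (a design choice of this example, not something the advisory states)."""
    collection = COLLECTIONS.get(collection_id)
    if collection is None or not is_visible_to(requester_id, collection):
        raise NotFound(collection_id)
    return collection
```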