Cerebrate Privilege Escalation Vulnerability in UsersController Edit Endpoint

Vulnerability

A privilege escalation vulnerability exists in the Cerebrate application, specifically in the UsersController's edit method, prior to version 1.30. This vulnerability allows authenticated, non-privileged users to escalate their privileges by manipulating the role_id or organisation_id fields in the edit request. As a result, these users could potentially gain access to higher roles, such as admin.

Impact

Exploitation of this vulnerability allows for unauthorized privilege escalation, enabling users to obtain higher roles, such as admin.

Reproduction

To reproduce this vulnerability, an authenticated non-privileged user sends a request to the user-edit endpoint that includes or modifies the role_id or organisation_id fields. This can be done through the application's user interface or by directly editing the request payload, since the affected versions do not properly validate these fields against the requester's privileges before processing the request.
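The pattern behind this class of bug, as an added illustration that is not Cerebrate's own code: the unsafe handler patches every submitted field onto the user record, while the hardened handler derives the editable field set from the actor's privilege and logs any privileged fields it dropped. The field names role_id and organisation_id come from the advisory; the role ids, user records and payload are constructed sample values.

```python
# Added example, not Cerebrate's code: a minimal model of a user-edit handler.
# role_id / organisation_id are the fields named in the advisory; the role
# ids, user records and payload below are constructed sample values.

ADMIN_ROLE_ID = 1                                    # constructed sample value
PRIVILEGED_FIELDS = {"role_id", "organisation_id"}   # only admins may set these
SELF_EDITABLE_FIELDS = {"username", "email"}         # a user may set these on itself


def edit_user_unsafe(actor, target, payload):
    """Vulnerable pattern: every submitted field is patched onto the record,
    so a non-privileged actor can rewrite role_id / organisation_id."""
    updated = dict(target)
    updated.update(payload)
    return updated


def edit_user_hardened(actor, target, payload):
    """Hardened pattern: the editable field set comes from the actor's
    privilege, never from the payload. Returns (record, rejected_fields)."""
    if actor["role_id"] == ADMIN_ROLE_ID:
        allowed = SELF_EDITABLE_FIELDS | PRIVILEGED_FIELDS
    elif actor["id"] == target["id"]:
        allowed = SELF_EDITABLE_FIELDS
    else:
        raise PermissionError("non-admin users may only edit their own record")
    rejected = sorted(set(payload) - allowed)
    updated = dict(target)
    updated.update({k: v for k, v in payload.items() if k in allowed})
    return updated, rejected


def audit_line(actor, target, rejected):
    """Detection hook: a log line worth alerting on, because a legitimate UI
    edit by a non-admin never carries privileged fields."""
    if not rejected:
        return None
    return (f"user_edit: actor={actor['id']} target={target['id']} "
            f"dropped_fields={','.join(rejected)}")


# Constructed sample: a regular user (role 3) tries to make itself admin.
ACTOR = {"id": 7, "role_id": 3, "organisation_id": 2, "email": "u7@example.org"}
PAYLOAD = {"email": "u7-new@example.org", "role_id": ADMIN_ROLE_ID,
           "organisation_id": 99}

if __name__ == "__main__":
    print("unsafe   ->", edit_user_unsafe(ACTOR, ACTOR, PAYLOAD)["role_id"])
    record, rejected = edit_user_hardened(ACTOR, ACTOR, PAYLOAD)
    print("hardened ->", record["role_id"], audit_line(ACTOR, ACTOR, rejected))
```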

Remediation

Users can update to Cerebrate version 1.30 or later, where this vulnerability has been addressed.

Added: Nov 28, 2025, 7:18 AM
Updated: Nov 28, 2025, 7:18 AM

Vulnerability Rating (Custom Algorithm)

spread: 0.0
impact: 5.0
exploitability: 3.8
remediation: 7.7
relevance: 1.3
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.