LitmusChaos Privilege Escalation Vulnerability in Project Role Authorization
Vulnerability
A critical privilege escalation vulnerability exists in LitmusChaos versions through 3.19.0. The issue arises in the '/auth/list_projects' endpoint, where improper authorization allows low-privileged users to manipulate role values and gain elevated privileges. This exploitation enables unauthorized actions on projects that should be restricted to read-only access.
Impact
Exploitation of this vulnerability allows users to escalate privileges from Viewer to Owner on projects, bypassing authorization controls. This unauthorized access can lead to a complete takeover of the project, including the ability to delete experiments and modify project data, undermining the platform's access control mechanisms.
Reproduction
To reproduce this vulnerability, a user with Viewer access to a project can intercept the response from the '/auth/list_projects' endpoint using a proxy tool like Burp Suite. By changing the role value from 'Viewer' to 'Owner' and resending the request, the user can gain Owner privileges. This escalation can be verified by successfully performing actions, such as deleting an experiment, that are normally restricted.
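The root cause the advisory describes is an authorization decision driven by a role value under the client's control. As an added example (not part of this advisory and not LitmusChaos's own code), the following Go snippet contrasts that flawed pattern with a check that ignores any claimed role and resolves the user's role from server-side membership records before allowing a privileged action. Every name in it (MembershipStore, ActionRequest, the action strings, the role ordering) is a hypothetical stand-in, not a LitmusChaos identifier.

```go
package main

import (
	"errors"
	"fmt"
)

// Role is a project role. Larger values carry more privilege, so roles
// can be compared directly with < and >=.
type Role int

const (
	RoleNone Role = iota // not a member of the project
	RoleViewer
	RoleEditor
	RoleOwner
)

func (r Role) String() string {
	switch r {
	case RoleViewer:
		return "Viewer"
	case RoleEditor:
		return "Editor"
	case RoleOwner:
		return "Owner"
	default:
		return "None"
	}
}

// ErrForbidden is returned for any action the caller is not entitled to.
var ErrForbidden = errors.New("forbidden")

// MembershipStore is a hypothetical server-side source of truth for who
// holds which role on which project (in a real service: the database).
type MembershipStore struct {
	roles map[string]map[string]Role // projectID -> userID -> Role
}

func NewStore() *MembershipStore {
	return &MembershipStore{roles: map[string]map[string]Role{}}
}

func (s *MembershipStore) Grant(projectID, userID string, r Role) {
	if s.roles[projectID] == nil {
		s.roles[projectID] = map[string]Role{}
	}
	s.roles[projectID][userID] = r
}

// RoleOf returns the stored role, or RoleNone when the user is not a member.
func (s *MembershipStore) RoleOf(projectID, userID string) Role {
	return s.roles[projectID][userID] // missing keys yield the zero value RoleNone
}

// ActionRequest models what a client sends. UserID is assumed to come from
// the authenticated session; Role is client-controlled (it could be copied
// from an earlier list-projects response) and must never be trusted.
type ActionRequest struct {
	UserID    string
	ProjectID string
	Action    string
	Role      string
}

// requiredRole maps an action to the minimum role it needs. Unknown
// actions fail closed by requiring Owner.
func requiredRole(action string) Role {
	switch action {
	case "list_experiments", "get_experiment":
		return RoleViewer
	case "create_experiment", "update_experiment":
		return RoleEditor
	case "delete_experiment", "remove_member":
		return RoleOwner
	default:
		return RoleOwner
	}
}

// vulnerableAuthorize shows the flawed pattern: the role string claimed in
// the request decides the outcome, so a Viewer who claims "Owner" passes.
func vulnerableAuthorize(req ActionRequest) error {
	if requiredRole(req.Action) == RoleOwner && req.Role != "Owner" {
		return ErrForbidden
	}
	return nil
}

// hardenedAuthorize ignores req.Role entirely and compares the role stored
// for this user on this project against what the action requires.
func hardenedAuthorize(store *MembershipStore, req ActionRequest) error {
	actual := store.RoleOf(req.ProjectID, req.UserID)
	required := requiredRole(req.Action)
	if actual < required {
		return fmt.Errorf("%w: user %q holds %s on project %q, %s required",
			ErrForbidden, req.UserID, actual, req.ProjectID, required)
	}
	return nil
}

func main() {
	store := NewStore()
	store.Grant("proj-1", "alice", RoleViewer) // constructed sample membership
	forged := ActionRequest{UserID: "alice", ProjectID: "proj-1",
		Action: "delete_experiment", Role: "Owner"} // claimed role is a lie
	fmt.Println("vulnerable check:", vulnerableAuthorize(forged))
	fmt.Println("hardened check:  ", hardenedAuthorize(store, forged))
}
```

The hardened check also fails closed: a user with no membership record gets RoleNone and is refused even read-only actions, and an action the service does not recognise requires Owner rather than silently passing. A single helper of this shape, applied to every project-scoped handler, is easier to audit than per-endpoint role string comparisons.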
