jshERP Improper Authorization Vulnerability in User Addition Endpoint

Vulnerability

An improper authorization vulnerability has been identified in jshERP versions through 3.5. The issue lies in the '/jshERP-boot/user/addUser' endpoint, where a user holding a low-privilege account can create new user accounts, including accounts with administrative rights or with permissions belonging to other groups. The root cause is inadequate access control on the endpoint: the server does not verify that the caller is permitted to create users or to assign the requested role, so an unauthorized user can escalate privileges and potentially compromise the system.

Impact

Exploitation of this vulnerability allows an unauthorized user to add accounts with elevated privileges, including administrative rights, which can lead to full system compromise.

Reproduction

To reproduce this vulnerability, log in with a low-privilege account and send a POST request to the '/jshERP-boot/user/addUser' endpoint. Include the session's access token in the request headers and specify the login name, username, and role ID in the request body. Because the endpoint performs no authorization check on the caller, the request succeeds and the new account is created with whatever privileges were requested.

Remediation

It is recommended to validate the calling user's permissions on the server side, based on the identity bound to the request's cookie or access token rather than on anything supplied in the request body, before allowing any account creation operation.
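The following is an added illustration of the server-side check the remediation calls for, written for this page and not taken from the jshERP code base; it shows the unchecked shape of the endpoint described above beside a hardened version. All names (AddUserAuthorization, Session, Role, AddUserRequest, the "user:add" permission string, the token values) are hypothetical stand-ins; the real application's session store, role model and persistence layer will differ. The point being demonstrated is that the caller's identity and role come only from the server-side session resolved from the token or cookie, and that a caller may neither create users without the permission to do so nor assign a role more privileged than their own.

```java
import java.util.Map;
import java.util.Set;

// Added example, not jshERP's own code. Plain JDK (Java 16+ for records), no framework needed.
public class AddUserAuthorization {

    // Hypothetical role IDs, declared in ascending order of privilege.
    enum Role { VIEWER, OPERATOR, ADMIN }

    // What the server knows about the caller, resolved from the access token or session
    // cookie. This is never taken from the request body, which the client controls.
    record Session(long userId, Role role, Set<String> permissions) {}

    // Fields a client submits when creating an account (login name, display name, role).
    record AddUserRequest(String loginName, String username, Role roleToAssign) {}

    static final class Forbidden extends RuntimeException {
        Forbidden(String reason) { super(reason); }
    }

    // token -> session; in a real deployment this is a lookup in Redis or the database.
    private final Map<String, Session> sessions;

    AddUserAuthorization(Map<String, Session> sessions) { this.sessions = sessions; }

    // Vulnerable shape (kept only for contrast): a valid token is treated as sufficient
    // to create any account, so a low-privilege caller can request Role.ADMIN.
    boolean addUserUnchecked(String token, AddUserRequest req) {
        if (!sessions.containsKey(token)) throw new Forbidden("not authenticated");
        return persist(req);
    }

    // Hardened shape: authenticate, then authorize the operation, then authorize the
    // specific role being granted. Each denial is logged so it can be alerted on.
    boolean addUser(String token, AddUserRequest req) {
        Session caller = sessions.get(token);
        if (caller == null) {
            throw deny("anonymous", "not authenticated");
        }
        if (!caller.permissions().contains("user:add")) {
            throw deny("user " + caller.userId(), "lacks user:add permission");
        }
        // Anti-escalation rule: a caller may only assign roles at or below their own.
        if (req.roleToAssign().ordinal() > caller.role().ordinal()) {
            throw deny("user " + caller.userId(),
                    "attempted to assign " + req.roleToAssign() + " while holding " + caller.role());
        }
        return persist(req);
    }

    private Forbidden deny(String who, String reason) {
        // Stand-in for the application's audit log; repeated denials here are a useful
        // detection signal for the abuse pattern described in this advisory.
        System.err.println("AUTHZ DENY addUser caller=" + who + " reason=" + reason);
        return new Forbidden(reason);
    }

    // Stand-in for the database insert.
    private boolean persist(AddUserRequest req) { return true; }

    public static void main(String[] args) {
        // Constructed sessions: one low-privilege viewer, one administrator.
        Map<String, Session> sessions = Map.of(
                "tok-lowpriv", new Session(42L, Role.VIEWER, Set.of("report:view")),
                "tok-admin",   new Session(1L,  Role.ADMIN,  Set.of("user:add", "user:edit")));
        AddUserAuthorization svc = new AddUserAuthorization(sessions);
        AddUserRequest wantsAdmin = new AddUserRequest("newuser", "New User", Role.ADMIN);

        // Unchecked endpoint: the low-privilege token succeeds in creating an ADMIN account.
        System.out.println("unchecked, low-priv caller: " + svc.addUserUnchecked("tok-lowpriv", wantsAdmin));

        // Hardened endpoint: the same request is refused...
        try {
            svc.addUser("tok-lowpriv", wantsAdmin);
        } catch (Forbidden e) {
            System.out.println("hardened, low-priv caller: denied (" + e.getMessage() + ")");
        }
        // ...while an administrator holding user:add may still create the account.
        System.out.println("hardened, admin caller: " + svc.addUser("tok-admin", wantsAdmin));
    }
}
```

Compile and run with `javac AddUserAuthorization.java && java AddUserAuthorization`. In a Spring Boot controller the same three checks would sit at the top of the addUser handler (or in an interceptor or method-security annotation), with the Session resolved from the token or cookie by the existing authentication layer; the role comparison assumes a linear privilege order, so an application with independent permission groups should instead verify that every permission in the requested role is also held by the caller.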

Added: Aug 11, 2025, 9:18 AM
Updated: Aug 11, 2025, 9:18 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 6.6
remediation: 0.0
relevance: 0.3
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.