PlaciPy Cross-Tenant Data Access Vulnerability

Vulnerability

A critical vulnerability in PlaciPy version 1.0.0 allows for cross-tenant data access due to improper validation of email domains. The application derives tenant identifiers from the email domain provided by users without verifying domain ownership or registration. This flaw enables unauthorized access to data from other organizations, breaking multi-tenant isolation and potentially violating regulatory compliance, such as GDPR.

Impact

Exploitation of this vulnerability leads to a complete failure of multi-tenant isolation, allowing unauthorized access to data from other organizations. This could result in confidential data leakage, unauthorized enrollment in tenant systems, and violations of regulatory compliance, such as GDPR or data residency requirements.

Remediation

To address this vulnerability, validate email domains against a server-side allowlist, require admin-approved domain registration, enforce email verification before account activation, and never derive tenant identity from client-supplied input. Additionally, every database query should carry a tenant predicate so that data isolation is enforced at the data layer as well.
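The following is an added illustration of the flaw described above and of the remediation just listed; it is not PlaciPy code, and the domain registry, tenant ids and document rows are constructed sample data. The unsafe resolver turns whatever domain the client typed into a tenant id, so any self-registered address at another organisation's domain lands in that organisation's tenant, and an unregistered domain becomes a phantom tenant. The hardened resolver only accepts domains an administrator has registered server-side and only after mailbox ownership has been verified, and the data-access function always includes the tenant predicate in its SQL.

```python
import sqlite3
from typing import Optional

# Constructed sample registry (not from the advisory). Only an administrator
# adds rows here; a domain that is absent is simply not a tenant.
APPROVED_DOMAINS = {
    "acme.example": "tenant-acme",
    "globex.example": "tenant-globex",
}


class TenantResolutionError(Exception):
    """Raised when a login or enrollment attempt cannot be bound to a tenant."""


def email_domain(email: str) -> str:
    """Extract and normalise the domain part of an address; reject malformed input."""
    if email.count("@") != 1:
        raise TenantResolutionError("malformed address")
    local, domain = email.split("@")
    domain = domain.strip().lower()
    if not local or not domain:
        raise TenantResolutionError("malformed address")
    return domain


def resolve_tenant_unsafe(email: str) -> str:
    """The flawed pattern from the advisory: the tenant id is derived directly
    from the client-supplied domain with no ownership or registration check."""
    return "tenant-" + email_domain(email).split(".")[0]


def resolve_tenant(email: str, email_verified: bool) -> str:
    """Hardened resolution: the domain must already be registered server-side,
    and the user must have proved control of the mailbox before activation."""
    domain = email_domain(email)
    tenant_id = APPROVED_DOMAINS.get(domain)
    if tenant_id is None:
        raise TenantResolutionError(f"domain {domain!r} is not registered")
    if not email_verified:
        raise TenantResolutionError("mailbox ownership not yet verified")
    return tenant_id


def try_resolve(email: str, email_verified: bool) -> Optional[str]:
    """Convenience wrapper: tenant id on success, None when the hardened path rejects."""
    try:
        return resolve_tenant(email, email_verified)
    except TenantResolutionError:
        return None


def open_sample_db() -> sqlite3.Connection:
    """In-memory store holding constructed rows belonging to two tenants."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE documents ("
        "id INTEGER PRIMARY KEY, tenant_id TEXT NOT NULL, title TEXT NOT NULL)"
    )
    conn.executemany(
        "INSERT INTO documents (tenant_id, title) VALUES (?, ?)",
        [("tenant-acme", "acme-q1-report"), ("tenant-globex", "globex-payroll")],
    )
    return conn


def list_documents(conn: sqlite3.Connection, tenant_id: str) -> list:
    """Every data query carries the tenant predicate; there is no unscoped
    SELECT that a forgetful endpoint could call and leak across tenants."""
    rows = conn.execute(
        "SELECT title FROM documents WHERE tenant_id = ? ORDER BY id", (tenant_id,)
    )
    return [title for (title,) in rows]


if __name__ == "__main__":
    conn = open_sample_db()
    # A self-registered, never-verified user claiming an address at globex.example.
    claimed = "mallory@globex.example"
    unsafe_id = resolve_tenant_unsafe(claimed)
    print("unsafe  :", unsafe_id, list_documents(conn, unsafe_id))
    print("hardened:", try_resolve(claimed, email_verified=False))
    print("hardened:", try_resolve("alice@ACME.example", email_verified=True))
```

Running the script shows the unsafe path binding the unverified claim to `tenant-globex` and returning that tenant's document, while the hardened path returns `None` for the same input and only resolves the registered, verified address. The hypothetical `email_verified` flag stands in for whatever verification state the application records after a confirmation-link or code flow.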

Added: Feb 10, 2026, 1:15 AM
Updated: Feb 10, 2026, 1:15 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 7.0
remediation: 0.0
relevance: 2.6
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.