WeKnora Authorization Bypass Vulnerability in Tenant Management Allowing Cross-Tenant Account Takeover
Vulnerability
An authorization bypass vulnerability has been identified in the WeKnora application, specifically in the tenant management endpoints. This issue allows any authenticated user to read, modify, or delete tenants by ID, without proper authorization checks. Since account registration is open to the public, an unauthenticated attacker can register an account and exploit this vulnerability, leading to cross-tenant account takeover and destruction. The vulnerability affects WeKnora versions prior to 0.3.2.
Impact
Exploitation of this vulnerability allows for broken access control, enabling any user to access, modify, or delete tenants belonging to other customers. This results in cross-tenant data exposure, unauthorized account takeover, and destructive actions against other tenants. Additionally, an attacker who takes over an account can access sensitive data such as API keys for LLM services.
Reproduction
To reproduce this vulnerability, register a new account and obtain a bearer token or API key. With that credential, call the tenant management endpoints, which perform no ownership check: tenants can be listed, read, modified, or deleted by ID using only the API key for authorization. Actions performed against the victim account can include reading sensitive data, such as LLM API keys and knowledge bases, and modifying or deleting tenant information.
Remediation
Users are advised to update to WeKnora version 0.3.2, where this vulnerability has been patched.
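The missing check described in the Reproduction section, and the kind of ownership check a fix needs, as an added example that is not WeKnora's own code: a hypothetical Go handler for GET /tenants/{id} whose ownership check can be switched off (the vulnerable behaviour, where any valid token acts on any tenant ID) or on (the corrected behaviour). The route, the token table and the tenant IDs are constructed sample values, and the page does not state how version 0.3.2 implements its fix.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Constructed bearer token -> owning tenant table; stands in for the real credential lookup.
var tokenTenant = map[string]string{
	"token-alice":   "tenant-1",
	"token-mallory": "tenant-2",
}

// AuthorizeTenant is the ownership check the vulnerable endpoints lack:
// the tenant ID taken from the request must be the caller's own tenant.
func AuthorizeTenant(callerTenant, requestedID string) bool {
	return requestedID != "" && callerTenant == requestedID
}

// tenantHandler serves GET /tenants/{id} (hypothetical route). checkOwner=false
// reproduces the vulnerable behaviour: authenticated, but any valid token can
// act on any tenant ID. checkOwner=true runs the check before data is touched.
func tenantHandler(checkOwner bool) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		callerTenant, ok := tokenTenant[strings.TrimPrefix(r.Header.Get("Authorization"), "Bearer ")]
		if !ok {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		id := strings.TrimPrefix(r.URL.Path, "/tenants/")
		if checkOwner && !AuthorizeTenant(callerTenant, id) {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		fmt.Fprintf(w, "config for %s", id)
	}
}

// StatusFor drives the handler in-process and returns the HTTP status code:
// StatusFor(false, "token-mallory", "tenant-1") is 200, StatusFor(true, ...) is 403.
func StatusFor(checkOwner bool, token, tenantID string) int {
	req := httptest.NewRequest(http.MethodGet, "/tenants/"+tenantID, nil)
	req.Header.Set("Authorization", "Bearer "+token)
	rec := httptest.NewRecorder()
	tenantHandler(checkOwner)(rec, req)
	return rec.Code
}
```

Running the ownership check before any lookup also avoids leaking whether a foreign tenant ID exists, since the caller sees 403 either way.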
