WeKnora Cross-Tenant Authorization Bypass Vulnerability in Knowledge Base Cloning Endpoint

Vulnerability

A cross-tenant authorization bypass vulnerability has been identified in WeKnora versions prior to 0.3.0. This vulnerability allows authenticated users to clone knowledge bases from other tenants into their own, simply by knowing or guessing the source knowledge base ID. The issue arises in the knowledge base copy endpoint, where the system fails to verify ownership before duplicating data. As a result, this flaw enables bulk data exfiltration of documents and FAQ content across different tenants.
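To make the missing ownership check concrete, the following is an added example, not WeKnora's own code: a minimal in-memory store with a clone function that resolves the source knowledge base by ID alone (the behaviour the advisory describes), placed beside a fixed version that scopes the lookup to the caller's tenant taken from the authenticated session. Go is used as the illustration language; all type, function and ID names and the sample data are assumptions.

```go
package main

import (
	"errors"
	"fmt"
)

// KnowledgeBase is a minimal stand-in for a knowledge base record (hypothetical).
// TenantID is the ownership field that the vulnerable clone path never consults.
type KnowledgeBase struct {
	ID       string
	TenantID string
	Name     string
	Docs     []string // constructed sample content
}

// Store is an in-memory table of knowledge bases keyed by ID.
type Store struct {
	kbs    map[string]*KnowledgeBase
	nextID int
}

// ErrNotFound is returned both for "no such ID" and "ID belongs to another
// tenant", so the fixed path does not reveal which IDs exist elsewhere.
var ErrNotFound = errors.New("knowledge base not found")

func NewStore() *Store { return &Store{kbs: map[string]*KnowledgeBase{}} }

func (s *Store) Add(kb *KnowledgeBase) { s.kbs[kb.ID] = kb }

// copyInto duplicates src into the given tenant under a fresh ID.
func (s *Store) copyInto(src *KnowledgeBase, tenant string) *KnowledgeBase {
	s.nextID++
	dst := &KnowledgeBase{
		ID:       fmt.Sprintf("kb-copy-%d", s.nextID),
		TenantID: tenant,
		Name:     src.Name + " (copy)",
		Docs:     append([]string(nil), src.Docs...),
	}
	s.kbs[dst.ID] = dst
	return dst
}

// CloneVulnerable models the flaw: the source is fetched by ID only, so any
// authenticated caller can copy any tenant's knowledge base into their own.
func CloneVulnerable(s *Store, callerTenant, srcID string) (*KnowledgeBase, error) {
	src, ok := s.kbs[srcID]
	if !ok {
		return nil, ErrNotFound
	}
	return s.copyInto(src, callerTenant), nil
}

// CloneFixed scopes the source lookup to the caller's tenant before copying.
// callerTenant must come from the verified token/session, never from the
// request body. In a SQL-backed store the equivalent is adding
// "AND tenant_id = ?" to the source lookup query.
func CloneFixed(s *Store, callerTenant, srcID string) (*KnowledgeBase, error) {
	src, ok := s.kbs[srcID]
	if !ok || src.TenantID != callerTenant {
		return nil, ErrNotFound
	}
	return s.copyInto(src, callerTenant), nil
}

// SampleStore builds two tenants with one knowledge base each (constructed data).
func SampleStore() *Store {
	s := NewStore()
	s.Add(&KnowledgeBase{ID: "kb-a", TenantID: "tenant-a", Name: "A docs", Docs: []string{"a-internal.pdf"}})
	s.Add(&KnowledgeBase{ID: "kb-b", TenantID: "tenant-b", Name: "B docs", Docs: []string{"b-faq.md"}})
	return s
}

func main() {
	s := SampleStore()
	if kb, err := CloneVulnerable(s, "tenant-b", "kb-a"); err == nil {
		fmt.Printf("vulnerable: tenant-b now holds %s with %v\n", kb.ID, kb.Docs)
	}
	if _, err := CloneFixed(s, "tenant-b", "kb-a"); err != nil {
		fmt.Println("fixed: cross-tenant clone rejected:", err)
	}
	if kb, err := CloneFixed(s, "tenant-a", "kb-a"); err == nil {
		fmt.Printf("fixed: same-tenant clone allowed as %s\n", kb.ID)
	}
}
```

The point of the fixed variant is that the tenant scoping happens at the lookup, before any copy work is scheduled, and that a cross-tenant ID and a nonexistent ID produce the same error. For detection, a spike in copy requests whose source ID does not belong to the requesting tenant is the signal to log and alert on.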

Impact

Exploitation of this vulnerability leads to unauthorized access and duplication of knowledge base contents, including documents, FAQ entries, and associated configurations, from one tenant to another.

Reproduction

To reproduce this vulnerability, an authenticated user must obtain a bearer token or API key. With this token, the user can send a POST request to the knowledge base copy endpoint, including the ID of the knowledge base to be cloned from a different tenant. The request will be accepted, and once the cloning task is processed, the copied knowledge base will appear in the user's tenant.

Remediation

Users are advised to update WeKnora to version 0.3.0 or later, where this vulnerability has been patched.

Added: Mar 7, 2026, 5:19 PM
Updated: Mar 7, 2026, 5:19 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 3.1
exploitability: 6.2
remediation: 0.0
relevance: 3.8
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.