WeKnora Broken Access Control Vulnerability Allowing Cross-Tenant Data Exposure

Vulnerability

A broken access control vulnerability has been identified in WeKnora versions prior to 0.2.12. This vulnerability allows authenticated tenants to access sensitive data from other tenants, including API keys, model configurations, and private messages. The issue arises because the application does not properly enforce tenant isolation on critical tables, enabling unauthorized data access with user-level authentication. The vulnerability has been patched in version 0.2.12.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive data across different tenant accounts, including API keys, private messages, and model configurations. This breach of data privacy and security could have serious implications, especially if exposed information includes authentication credentials or confidential business communications.

Reproduction

To reproduce this vulnerability, authenticate as a tenant and use the database_query tool to execute SQL queries targeting the 'models' or 'messages' tables. Because tenant isolation is not enforced on these tables, such a query returns records belonging to every tenant, not only the authenticated one, bypassing privacy controls.
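The missing tenant predicate described above, shown next to the tenant-scoped form and a result check a generic query tool can apply before returning rows, as an added example that is not WeKnora's code: the schema, column names, table allowlist and sample rows are constructed for illustration and are not the project's real ones.

```python
import sqlite3
from typing import List, Tuple

# Constructed schema and sample rows for illustration only; this is not
# WeKnora's real schema, and the column names are assumptions.
SCHEMA = """
CREATE TABLE models   (id INTEGER PRIMARY KEY, tenant_id INTEGER NOT NULL,
                       name TEXT NOT NULL, api_key TEXT NOT NULL);
CREATE TABLE messages (id INTEGER PRIMARY KEY, tenant_id INTEGER NOT NULL,
                       content TEXT NOT NULL);
"""

# (tenant_id, name, api_key) -- constructed sample data.
MODELS = [
    (1, "gpt-like", "key-tenant1-AAAA"),
    (2, "embed-x", "key-tenant2-BBBB"),
]
# (tenant_id, content) -- constructed sample data.
MESSAGES = [
    (1, "tenant 1 private note"),
    (2, "tenant 2 quarterly numbers"),
    (2, "tenant 2 contract draft"),
]

# Tables that carry a tenant_id column and must always be filtered by it.
TENANT_SCOPED_TABLES = {"models", "messages"}


def build_db() -> sqlite3.Connection:
    """Create an in-memory database populated with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO models(tenant_id, name, api_key) VALUES (?, ?, ?)", MODELS)
    conn.executemany("INSERT INTO messages(tenant_id, content) VALUES (?, ?)", MESSAGES)
    conn.commit()
    return conn


def query_unscoped(conn: sqlite3.Connection, table: str) -> List[Tuple]:
    """Vulnerable pattern: the caller's tenant is never consulted, so rows from
    every tenant come back. This is the class of defect the advisory describes."""
    if table not in TENANT_SCOPED_TABLES:
        raise ValueError(f"unknown table: {table}")
    return conn.execute(f"SELECT * FROM {table} ORDER BY id").fetchall()


def query_scoped(conn: sqlite3.Connection, table: str, tenant_id: int) -> List[Tuple]:
    """Fixed pattern: tenant_id comes from the authenticated session, not from
    the request body, and is bound as a parameter on every tenant-scoped table.
    The table name is checked against the allowlist before interpolation."""
    if table not in TENANT_SCOPED_TABLES:
        raise ValueError(f"unknown table: {table}")
    return conn.execute(
        f"SELECT * FROM {table} WHERE tenant_id = ? ORDER BY id", (tenant_id,)
    ).fetchall()


def foreign_tenant_ids(rows: List[Tuple], tenant_id: int) -> set:
    """Defence-in-depth check for a generic query tool: rows are (id, tenant_id,
    ...); return the set of other tenants' ids present. A non-empty result means
    the query leaked cross-tenant data and should be rejected and logged instead
    of being returned to the caller."""
    return {row[1] for row in rows if row[1] != tenant_id}


if __name__ == "__main__":
    db = build_db()
    caller = 1
    leaked = query_unscoped(db, "models")
    print("unscoped:", leaked, "foreign tenants:", foreign_tenant_ids(leaked, caller))
    safe = query_scoped(db, "models", caller)
    print("scoped:", safe, "foreign tenants:", foreign_tenant_ids(safe, caller))
```

The allowlist check matters even in the fixed form: interpolating a table name from user input would replace one access-control bug with an injection bug, so only known tenant-scoped table names reach the query string, and the tenant id is always a bound parameter taken from the session.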

Remediation

Users are advised to update WeKnora to version 0.2.12 or later, where this vulnerability has been patched.

Added: Mar 7, 2026, 5:18 PM
Updated: Mar 7, 2026, 5:18 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 6.6
remediation: 0.0
relevance: 3.8
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.