Checkmate Mass Assignment Vulnerability Allowing Privilege Escalation to Superadmin
Vulnerability
A mass assignment vulnerability has been identified in Checkmate, an open-source tool for monitoring server hardware and incidents. This vulnerability exists in versions through 3.5.1, specifically in the user profile update endpoint. It allows any authenticated user to escalate privileges to superadmin, bypassing role-based access controls. Exploitation enables the attacker to gain full administrative rights, including access to all user data, critical configurations, and sensitive system information.
Impact
Exploitation of this vulnerability allows unauthorized privilege escalation to superadmin, granting complete administrative access to the application.
Reproduction
To reproduce this vulnerability, an authenticated user must send a PATCH request to the user profile update endpoint. The request should include the 'role' field, specifying 'superadmin'. This can be done using a tool like curl, after logging in and obtaining an authentication token.
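To show the defect in code form, here is an added example (not Checkmate's own source) of a profile-update handler written the vulnerable way beside a hardened version. It assumes an Express/Mongoose-style shape (a request body merged onto a stored user document); the field names and the allow-list are illustrative assumptions.

```javascript
// Added example, not Checkmate's code: the mass-assignment pattern behind the
// advisory, then the allow-list fix. Assumes an Express/Mongoose-style handler
// where req.body is merged onto the stored user; field names are illustrative.

// Fields a user may legitimately change about their own profile (assumed list).
const ALLOWED_PROFILE_FIELDS = ["firstName", "lastName", "profileImage"];

// Vulnerable pattern: every key in the request body is copied onto the stored
// user, so a client-supplied "role" silently overwrites the real role.
function updateProfileVulnerable(storedUser, body) {
  return { ...storedUser, ...body };
}

// Hardened pattern: copy only an explicit allow-list of fields and reject the
// request if it carries anything else, so privileged attributes such as "role"
// can never be set through the profile endpoint, whatever the client sends.
function updateProfileHardened(storedUser, body) {
  const unexpected = Object.keys(body).filter(
    (k) => !ALLOWED_PROFILE_FIELDS.includes(k)
  );
  if (unexpected.length > 0) {
    // Returning the rejected keys (and logging them server-side) also gives
    // defenders a detection signal for attempted privilege escalation.
    return { ok: false, status: 400, rejectedFields: unexpected };
  }
  const safeUpdate = {};
  for (const k of ALLOWED_PROFILE_FIELDS) {
    if (Object.prototype.hasOwnProperty.call(body, k)) safeUpdate[k] = body[k];
  }
  return { ok: true, status: 200, user: { ...storedUser, ...safeUpdate } };
}

// Constructed sample input: an ordinary user and a body that smuggles in "role".
const storedUser = { id: 42, firstName: "Ada", role: "user" };
const tamperedBody = { firstName: "Ada", role: "superadmin" };

console.log(updateProfileVulnerable(storedUser, tamperedBody).role); // superadmin
console.log(updateProfileHardened(storedUser, tamperedBody).status); // 400
```

The same allow-list check belongs in the schema or validation layer too, so that every write path, not only this handler, refuses role changes from non-admin callers.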
