Brave CMS Missing Authorization Privilege Escalation Vulnerability
Vulnerability
A privilege escalation vulnerability has been identified in Brave CMS versions prior to 2.0.6. The issue arises from a missing authorization check in the update role endpoint, allowing any authenticated user to change account roles and gain Super Admin privileges. This vulnerability exists because the POST route for updating roles does not include the necessary middleware to verify user permissions.
Impact
Exploitation of this vulnerability allows low-privileged users to gain Super Admin rights, granting them full access to all system data, the ability to modify users and content, and complete control over system availability.
Reproduction
To reproduce this vulnerability, authenticate as a Basic User with no permissions. Intercept the request to the update role endpoint using a web proxy. Modify the request to include a higher role ID, such as 4, and send the request. The application will process it without permission verification, and the user will be promoted to Super Admin.
Remediation
Users are advised to update to Brave CMS version 2.0.6 or later. For those using an earlier version, add the missing middleware to the update role route in routes/web.php to ensure that only authorized users can assign roles.
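The pattern behind the fix, as an added illustration rather than Brave CMS's own code: the route as it would look with only an authentication middleware, beside the same route gated by an authorization check, with a second check inside the controller. The route path, controller name, gate name, role column and `ROLE_SUPER_ADMIN` constant are all hypothetical stand-ins; only the Laravel APIs (`Route`, `Gate`, `can:` middleware, `validate`) are real.

```php
<?php
// Added illustration (not Brave CMS's own code). Route path, controller name,
// gate name and role constant are hypothetical stand-ins.

use App\Http\Controllers\Controller;
use App\Models\User;
use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Gate;
use Illuminate\Support\Facades\Route;

// ---- Vulnerable shape (hypothetical routes/web.php) ----
// 'auth' only proves the caller has a valid session; it says nothing about
// what the caller may do, so any logged-in account can reach the role update.
Route::post('/admin/users/{user}/role', [UserRoleController::class, 'update'])
    ->middleware('auth');

// ---- Fixed shape ----
// Step 1: declare who may manage roles (in a real app: AuthServiceProvider::boot).
Gate::define('manage-user-roles', function (User $actor): bool {
    return $actor->role_id === User::ROLE_SUPER_ADMIN; // hypothetical constant
});

// Step 2: gate the route. Laravel's 'can:' middleware aborts with HTTP 403
// before the controller runs when the gate denies. (Declaring the same path
// twice here is for side-by-side comparison only; the later one wins.)
Route::post('/admin/users/{user}/role', [UserRoleController::class, 'update'])
    ->middleware(['auth', 'can:manage-user-roles']);

// Step 3: defence in depth inside the controller, so the check still holds
// if the route is ever re-declared without the middleware.
class UserRoleController extends Controller
{
    public function update(Request $request, User $user): RedirectResponse
    {
        // Same gate as the route; throws AuthorizationException (403) on denial.
        Gate::authorize('manage-user-roles');

        $data = $request->validate([
            'role_id' => ['required', 'integer', 'exists:roles,id'],
        ]);

        // Never let an actor hand out a role above their own level, even
        // if they pass the gate.
        if ($data['role_id'] > $request->user()->role_id) {
            abort(403, 'Cannot assign a role above your own.');
        }

        $user->role_id = $data['role_id'];
        $user->save();

        return back()->with('status', 'Role updated.');
    }
}
```

The route-level middleware is the fix the advisory calls for; the in-controller `Gate::authorize` is a belt-and-braces duplicate so that a future route refactor cannot silently reopen the hole. After applying the change, a Basic User replaying the role-update request should receive a 403 and keep their original `role_id`; that check belongs in the project's feature tests alongside the happy path for an administrator.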
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.
