Chartbrew Unauthenticated Account Creation Vulnerability via /user/invited Endpoint
Vulnerability
A vulnerability in Chartbrew version 4.9.0 allows unauthenticated users to create active accounts by exploiting the /user/invited endpoint, which lacks proper validation of invite tokens, authentication headers, or user sessions. This issue arises even when the signupRestricted feature is enabled and the instance has existing users. The vulnerability has been addressed in version 5.0.0.
Impact
Exploitation of this vulnerability allows an unauthenticated attacker to create an account on any Chartbrew instance, bypassing signup restrictions, and immediately receive a valid JSON Web Token (JWT) for authenticated API access. This includes the ability to create teams, projects, and data connections, as well as interact with shared or public dashboards visible to authenticated users.
Reproduction
To reproduce this vulnerability, send a POST request to the /user/invited endpoint without any authentication or invite token, including a name, email, and password in the request body. The response returns a valid JWT for the newly created, active account.
Remediation
Update to Chartbrew version 5.0.0, where this vulnerability has been patched. Until the update is applied, treat any account created through /user/invited without a matching invite as suspect.
