HireFlow Incorrect Access Control Vulnerability Allowing Horizontal Privilege Escalation
Vulnerability
HireFlow version 1.2 has incorrect access control on the '/candidate/<id>' and '/interview/<id>' endpoints. The application does not enforce object-level authorization, so any authenticated user can access other users' candidate profiles and interview notes by manipulating the ID in the URL. The result is horizontal privilege escalation and a complete data breach of all records within the system.
Impact
Exploitation of this vulnerability leads to unauthorized access to all users' candidate profiles and interview notes, causing a full data breach of the application's records.
Reproduction
To reproduce this vulnerability, log in with any valid account and navigate to the '/candidate/<id>' or '/interview/<id>' endpoints. Manually edit the URL to increment the ID and access data belonging to other users. The application will return the requested candidate or interview records without any authorization checks.
Remediation
The vulnerability has been patched in HireFlow version 1.3. Users should update to this version.
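The object-level authorization check that the Vulnerability section describes as missing, shown as an added example. This is not HireFlow's code or its 1.3 patch. The record store, the owner_id field and all function names are hypothetical, and the sample data is constructed.

```python
from dataclasses import dataclass

# Constructed sample data; the schema and the owner_id field are assumptions.
@dataclass(frozen=True)
class Record:
    id: int
    owner_id: int
    body: str

STORE = {
    "candidate": {1: Record(1, 100, "candidate owned by user 100"),
                  2: Record(2, 200, "candidate owned by user 200")},
    "interview": {1: Record(1, 200, "interview notes owned by user 200"),
                  2: Record(2, 100, "interview notes owned by user 100")},
}

class NotFound(Exception):
    """Would map to an HTTP 404 response."""

def fetch_unchecked(user_id: int, kind: str, record_id: int) -> Record:
    # The flaw: the caller is authenticated, but the lookup uses the ID alone.
    try:
        return STORE[kind][record_id]
    except KeyError:
        raise NotFound(f"{kind}/{record_id}") from None

def fetch_authorized(user_id: int, kind: str, record_id: int) -> Record:
    # Object-level check: the record must belong to the session's user.
    record = STORE.get(kind, {}).get(record_id)
    # Same error for "missing" and "not yours", so responses do not
    # reveal which IDs exist.
    if record is None or record.owner_id != user_id:
        raise NotFound(f"{kind}/{record_id}")
    return record

def visible_ids(fetch, user_id: int, kind: str) -> list[int]:
    """Regression helper: which IDs can this user read through `fetch`?"""
    seen = []
    for record_id in sorted(STORE[kind]) + [999]:  # 999 does not exist
        try:
            seen.append(fetch(user_id, kind, record_id).id)
        except NotFound:
            pass
    return seen
```

A helper like `visible_ids` can serve as a regression test after upgrading: run as one test account, it should list only that account's own records.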
