Augmentt Web Application Cross-Tenant Access Vulnerability via Insecure Direct Object References
Vulnerability
A vulnerability exists in the Augmentt web application that allows an authenticated user of one tenant to read and manipulate sensitive data belonging to other tenants. The issue is an insecure direct object reference: the backend trusts a client-supplied tenant identifier instead of deriving it from the authenticated session, so a user can gain unauthorized access to another tenant's sensitive information and make unauthorized changes to that tenant's configuration. The affected version of the Augmentt web application is unknown; the vulnerable build was released prior to October 2025.
Impact
Exploitation of this vulnerability allows cross-tenant access to data, unauthorized creation of resources in another tenant, and potentially unauthorized account creation in other tenants.
Reproduction
To reproduce this vulnerability, log in as a user of one tenant and open the companies menu to obtain that tenant's 'customerid' value. Then open any function that creates or modifies a resource, intercept the resulting HTTP request with an intercepting proxy, and replace the 'customerid' parameter with another tenant's ID. Forward the modified request; the server processes it against the other tenant instead of rejecting it.
Remediation
It is recommended that the backend perform a mandatory authorization check before processing any request that carries an externally supplied identifier such as 'customerid'. The check must verify that the referenced tenant or resource belongs to the tenant of the authenticated session, not merely that the identifier exists. Where possible, the tenant should be taken from the server-side session rather than from the request at all. If the identifier does not belong to the caller's tenant, the server should reject the request with a generic error such as HTTP 404 Not Found or HTTP 403 Forbidden, without confirming whether the other tenant's identifier is valid.
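The following is an added example, not Augmentt's code: a resource-creation handler written the vulnerable way (trusting the client's 'customerid') beside a hardened version that enforces the tenant check described above, both driven by the cross-tenant replay from the Reproduction section. The tenant and user data, the request and response shapes and all function names are constructed for illustration.

```python
"""Added example (not Augmentt's code): vulnerable vs hardened handling of a
client-supplied tenant identifier, exercised with the advisory's cross-tenant
replay. All identifiers, data and names here are constructed assumptions."""
from dataclasses import dataclass, field

# Constructed sample data: two tenants, one admin user in each.
TENANTS = {"cust-100": {"name": "Acme"}, "cust-200": {"name": "Globex"}}
USERS = {
    "alice": {"tenant_id": "cust-100", "role": "admin"},
    "bob": {"tenant_id": "cust-200", "role": "admin"},
}
# Resources created per tenant; starts empty.
RESOURCES: dict[str, list[dict]] = {"cust-100": [], "cust-200": []}


@dataclass
class Request:
    user: str     # authenticated principal taken from the session (trusted)
    params: dict  # client-supplied body/query parameters (untrusted)


@dataclass
class Response:
    status: int
    body: dict = field(default_factory=dict)


def vulnerable_create(req: Request) -> Response:
    """The IDOR: the backend trusts 'customerid' from the request and only
    checks that it exists, never that it belongs to the caller's tenant."""
    customer_id = req.params.get("customerid")
    if customer_id not in TENANTS:
        return Response(404)
    RESOURCES[customer_id].append({"name": req.params["name"], "by": req.user})
    return Response(201, {"customerid": customer_id})


def hardened_create(req: Request) -> Response:
    """Same operation with the missing authorization check: the identifier
    in the request must match the tenant of the authenticated session."""
    user = USERS.get(req.user)
    if user is None:
        return Response(401)
    customer_id = req.params.get("customerid")
    # Compare against the session's tenant, and answer with a generic 404 so
    # the response does not confirm that the other tenant's ID is valid.
    if customer_id not in TENANTS or customer_id != user["tenant_id"]:
        return Response(404)
    RESOURCES[customer_id].append({"name": req.params["name"], "by": req.user})
    return Response(201, {"customerid": customer_id})


def replay_cross_tenant(handler, attacker: str = "alice",
                        victim_tenant: str = "cust-200"):
    """Reproduce the advisory's step: the attacker forwards a create request
    whose 'customerid' was swapped to another tenant's ID. Returns the HTTP
    status and whether a resource was written into the victim tenant."""
    before = len(RESOURCES[victim_tenant])
    resp = handler(Request(attacker, {"customerid": victim_tenant, "name": "rogue"}))
    return resp.status, len(RESOURCES[victim_tenant]) > before


if __name__ == "__main__":
    print("vulnerable:", replay_cross_tenant(vulnerable_create))  # (201, True)
    print("hardened:  ", replay_cross_tenant(hardened_create))    # (404, False)
```

The hardened handler still accepts 'customerid' from the client so the check is visible; in a real backend the cleaner fix is to drop the parameter from the request contract entirely and read the tenant from the session, which leaves nothing for the proxy step to tamper with.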
