Casdoor
cpe:2.3:a:casbin:casdoor:*:*:*:*:*:*:*
- <= 2.362.0
A vulnerability in Casdoor versions through 2.362.0 allows cross-organization token exchange, leading to privilege escalation. The issue arises in the GetTokenExchangeToken function, which validates JWT signatures but fails to ensure that the token's user is from the same organization as the target application. This oversight can result in unauthorized access across different organizations.
Exploitation of this vulnerability can lead to unauthorized privilege escalation across organizational boundaries in Casdoor deployments.
Users are advised to implement stricter identity governance controls, restrict the use of identity providers to trusted sources, and monitor logs for unusual SAML or token activity. High-privilege accounts should be reinforced with additional authentication measures, such as multi-factor authentication.
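The missing tenancy check, shown as an added Go example that is not Casdoor's own code: a minimal HS256 token-exchange path that verifies the signature (all the flawed path did) and then refuses a token whose user belongs to a different organization than the target application. The Claims struct, its Owner field, the appOrg parameter and the signing key are assumptions for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"strings"
)

var b64 = base64.RawURLEncoding
// Claims stands in for the token's subject; field names are assumed, not Casdoor's.
type Claims struct {
	Subject string `json:"sub"`
	Owner   string `json:"owner"` // organization that owns the user
}

// signHS256 mints a compact HS256 JWT, included only so the example runs offline.
func signHS256(c Claims, key []byte) string {
	body, _ := json.Marshal(c)
	msg := b64.EncodeToString([]byte(`{"alg":"HS256"}`)) + "." + b64.EncodeToString(body)
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(msg))
	return msg + "." + b64.EncodeToString(mac.Sum(nil))
}

// ExchangeToken verifies the signature, then applies the tenancy check the flawed path lacked.
func ExchangeToken(token string, key []byte, appOrg string) (*Claims, error) {
	p := strings.Split(token, ".")
	if len(p) != 3 {
		return nil, errors.New("malformed token")
	}
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(p[0] + "." + p[1]))
	sig, err := b64.DecodeString(p[2])
	if err != nil || !hmac.Equal(sig, mac.Sum(nil)) {
		return nil, errors.New("bad signature")
	}
	body, _ := b64.DecodeString(p[1])
	c := &Claims{}
	if err := json.Unmarshal(body, c); err != nil {
		return nil, err
	}
	// The vulnerable version stopped here: a validly signed token from any organization was accepted.
	if c.Owner != appOrg {
		return nil, errors.New("cross-organization token exchange refused")
	}
	return c, nil
}
```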