In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsLearn about Authorization Bypass Through User-Controlled Key vulnerabilities in an interactive lesson.
Start learningUpgrade stigmem-node to version 0.9.0a12 or higher.
stigmem-node is a Stigmem reference node — single-host production implementation
Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the issue_tombstone process and the read-suppression path, where tenant scoping is not properly enforced. An attacker can access or suppress data belonging to other tenants by submitting requests that exploit the lack of tenant isolation. This is only exploitable if the deployment is configured with the stigmem-plugin-multi-tenant plugin enabled, allowing multiple tenants on a single node.