Lucene search
K

3 matches found

OSV
OSV
added 2026/05/29 10:45 p.m.7 views

GHSA-4X6R-9V57-3GQW praisonai-platform: IDOR in dependency endpoints allows cross-workspace issue linking, reading, and deletion due to missing ownership checks

Summary Type: Insecure Direct Object Reference. The dependency endpoints POST/GET /workspaces/workspaceid/issues/issueid/dependencies and DELETE .../dependencies/depid gate access on requireworkspacememberworkspaceid only, then dispatch to DependencyService calls that take URL/body-supplied issue...

8.1CVSS5.9AI score0.00032EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/29 10:45 p.m.30 views

praisonai-platform: IDOR in dependency endpoints allows cross-workspace issue linking, reading, and deletion due to missing ownership checks

Summary Type: Insecure Direct Object Reference. The dependency endpoints POST/GET /workspaces/workspaceid/issues/issueid/dependencies and DELETE .../dependencies/depid gate access on requireworkspacememberworkspaceid only, then dispatch to DependencyService calls that take URL/body-supplied issue...

5.9AI score0.00032EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.13 views

PT-2026-45060

Name of the Vulnerable Software and Affected Versions praisonai-platform affected versions not specified Description An Insecure Direct Object Reference IDOR exists in the dependency management endpoints. The system verifies if a user is a member of a workspace but fails to verify if the specific...

8.1CVSS6.1AI score0.00032EPSS
Exploits0References7
Rows per page
Query Builder