3 matches found
GHSA-6H6V-6M7W-7VXX PraisonAI Platform workspace-scoped routes allow cross-workspace object access by global object ID
Summary PraisonAI Platform's workspace-scoped REST routes contain a systemic object-level authorization flaw that allows an authenticated user from one workspace to access, modify, and delete objects belonging to another workspace by supplying the victim object's global UUID. The affected pattern...
Authorization Bypass Through User-Controlled Key
Overview praisonai-platform is a Platform layer for PraisonAI — workspace, auth, issues, projects Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the process that handles workspace-scoped object access. An attacker can gain unauthorized acce...
PraisonAI Platform workspace-scoped routes allow cross-workspace object access by global object ID
Summary PraisonAI Platform's workspace-scoped REST routes contain a systemic object-level authorization flaw that allows an authenticated user from one workspace to access, modify, and delete objects belonging to another workspace by supplying the victim object's global UUID. The affected pattern...