Lark Technologies: Normal User is able to EXPORT Feature Usage Statistics
A vulnerability was found where certain Lark endpoints did not properly validate user permissions, allowing a low-privileged user to generate and download usage statistics information. We thank @aishkendle for reporting this to our team...
Lark Technologies: [AWC-Pune] - User can download files deleted by Admin using shortcuts
A vulnerability was found where a Lark user could bypass Admin restrictions on deleted files, which typically would block users of the file from downloading or using it. However, the user could add a shortcut to the file in a folder, and upon downloading that folder could access the file...
Lark Technologies: Able to steal private files by manipulating response using Auto Reply function of Lark
An IDOR (Insecure Direct Object Reference) vulnerability was found within the "AutoReply" functions of Lark. This vulnerability could have allowed malicious users to fetch the files of other users if they knew the specific file ID, which was an alphanumeric value. We thank @imrannisar for reporting...
Lark Technologies: Able to steal private files by manipulating response using Compose Email function of Lark
An IDOR (Insecure Direct Object Reference) vulnerability was found within the "Compose Email" functions of Lark. This vulnerability could have allowed malicious users to fetch the files of other users if they knew the specific file ID, which was an alphanumeric value. We thank @imrannisar for reporti...
Lark Technologies: Attacker is able to join any tenant on larksuite and view personal files/chats.
A privilege escalation issue was found in Open.larksuite.com, which could have potentially allowed attackers to join any tenant, and view files and communications that are shared by team members. We thank @imrannisar for reporting this to our team and confirming the resolution...
Lark Technologies: Removed user can still view comments on the file/documents.
A vulnerability was found using a message API endpoint which could have resulted in a user being able to retrieve comments from a document after being removed. We thank @imrannisar for reporting this to our team...
Lark Technologies: Improper Access Control on Lark Footer Feature
Due to improper access control within Lark's footer feature, an attacker could have potentially accessed private files. We thank @imrannisar for reporting this to our team and confirming the resolution...
Lark Technologies: Non-privileged user is able to approve his own app himself leading to mass privilege escalations.
A privilege escalation vulnerability was identified in Lark which could have potentially allowed an attacker to approve the apps in the same tenant by bypassing the admin approval. We thank @imrannisar for reporting this to our team...
Lark Technologies: In-organization stored XSS using location (Larksuite survey app)
A stored XSS (cross-site scripting) vulnerability was found in the Larksuite survey app using the "site" parameter. We thank imrannisar for reporting this vulnerability and confirming its resolution...
Lark Technologies: Stored XSS on helpdesk using user's city
A stored XSS (cross-site scripting) vulnerability was found on the internal larksuite helpdesk, which an attacker could have potentially used to obtain access to the internal helpdesk. We thank imrannisar for reporting this vulnerability and confirming its resolution...
Lark Technologies: Reflected XSS and open redirect on larksuite.com using /?back_uri= parameter.
An XSS (Cross-Site Scripting) vulnerability was found in larksuite via the "backuri" parameter, caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding. This could result in a JavaScript payload being injected into the vulnerable endpoint and executed in t...
Lark Technologies: Stored XSS in Satisfaction Surveys via "Ask Reason for Dissatisfaction" option
A stored XSS (cross-site scripting) vulnerability was found within the Lark satisfaction survey which an attacker could have potentially used to inject malicious JavaScript within the "reason for dissatisfaction" section when selecting a poor rating after a help desk chat is completed. We thank...
Lark Technologies: Messages disclosure via search feature of other users' groups (Cross-Tenant).
Due to an Insecure Direct Object Reference (IDOR) vulnerability identified within the message search function of Lark, an attacker could have potentially viewed messages, docs, and attachments shared in other users' groups. We thank @base64 for reporting this to our team and verifying the resolution...
Lark Technologies: Stored XSS & SSRF in Lark Docs
A stored XSS (cross-site scripting) vulnerability was discovered in Lark Docs that could be escalated into a Server-Side Request Forgery (SSRF) vulnerability if opened in a headless browser on the Lark server. The vulnerability has been resolved. We thank @mike12 for reporting this to our team and...
Lark Technologies: Stored XSS in larksuite internal helpdesk and other users' helpdesks.
A stored XSS (cross-site scripting) vulnerability was found which an attacker could have potentially used to obtain access to the internal team's help desk and view submitted user tickets. We have resolved this issue and thank @imrannisar for reporting this to our team...
Lark Technologies: User with single department permission can view applicant list of all departments
An endpoint was discovered that did not properly check for user permissions which could have caused unauthorized access to view pending approval requests, email addresses, and phone numbers belonging to other departments. We thank @imrannisar for reporting this to our team and confirming the...
Lark Technologies: RPC Implementation allows unauthenticated remote calls
It was found that the RPC implementation via postMessage within Lark did not check the message origin, so an attacker could have potentially performed RPC calls on behalf of a user. We thank @mike12 for reporting this to our team and confirming the resolution...
Lark Technologies: Hyperlink Injection while signup
A hyperlink injection attack was reported on the Lark website. This flaw has since been remediated. We thank @susantwagle123 for reporting this to our team and confirming the resolution...
Lark Technologies: Sensitive information of helpdesk is being leaked.
Due to improper access control, Larksuite help desk tickets could have been accessed by users who are not owners or admins of the helpdesk. We thank @imrannisar for reporting this to our team and verifying the resolution...
Lark Technologies: Access to private files of helpdesk.
An improper access control vulnerability was found at a Larksuite endpoint that could have allowed a team founder who was also an admin of a separate helpdesk to view an arbitrary image from a ticket they did not have permission to view. We thank @imrannisar for reporting this ...