Unauthorized access to Survey menu entries in limesurvey/limesurvey

Valid

Reported on

Jun 29th 2023


Description

The application does not properly verify that a user is authorized to access survey menu entries before serving them.

Proof of Concept

  1. Log in as a user with limited privileges. In my case the user permissions are set as follows and the user has no access to surveys.
  2. Visit http://LIMESURVEY/index.php/admin/menus/sa/view to view the survey menu entries.

Impact

Unauthorized users can access data and features that they are not permitted to use.

We are processing your report and will contact the limesurvey team within 24 hours. 5 months ago
We have contacted a member of the limesurvey team and are waiting to hear back 5 months ago
tiborpacalat (Maintainer), 4 months ago:

Internal tracking number: 19002

Niraj Khatiwada modified the report
4 months ago
tiborpacalat validated this vulnerability 2 months ago
Niraj Khatiwada has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
tiborpacalat marked this as fixed in 6.2.6+230904 with commit b7e7da 2 months ago
The fix bounty has been dropped
This vulnerability will not receive a CVE
tiborpacalat published this vulnerability 2 months ago
index.php#L1-L75 has been validated