Impact
The userAccount_write permission is included in each of the built-in roles used in user management and in the XML users file /opt/rudder/etc/rudder-users.xml. These roles, such as read_only and compliance, are meant to grant read-only access to some parts of Rudder, excluding user management.
However, the userAccount_write permission now also grants access to the POST /rudder/api/latest/usermanagement/update/{username} endpoint (since 8.3.0: #5669).
This causes two security issues:
- any user with a previously unprivileged role can perform an account takeover (ATO) by updating the password of another user
- any user with a previously unprivileged role can escalate privileges by updating their own roles to higher-privileged ones (administrator)
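As an added, defender-side example (not Rudder's own code), a small log triage script that flags calls to the affected endpoint made by accounts holding only read-only built-in roles, and separates the two cases named above (another user's password changed, or a caller changing its own roles). The access-log line shape, its fields= annotation and the per-user role mapping are assumptions constructed for this example; Rudder's real log format is not given on this page.

```python
import re

# Constructed log line shape (assumption, not Rudder's real format):
# "<timestamp> <caller> POST <path> fields=<comma-separated changed fields>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<caller>\S+) POST "
    r"/rudder/api/latest/usermanagement/update/(?P<target>\S+)"
    r"(?: fields=(?P<fields>\S+))?$"
)

# Built-in role that is expected to manage other accounts.
PRIVILEGED_ROLES = {"administrator"}

def classify(line, roles_by_user):
    """Verdict for one log line, or None if it is not a call to the update endpoint."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    caller, target = m["caller"], m["target"]
    fields = set(filter(None, (m["fields"] or "").split(",")))
    if roles_by_user.get(caller, set()) & PRIVILEGED_ROLES:
        return "expected-admin-update"
    if caller != target and "password" in fields:
        return "possible-account-takeover"
    if caller == target and "roles" in fields:
        return "possible-privilege-escalation"
    return "unprivileged-user-management-call"

def triage(lines, roles_by_user):
    """Return [(line, verdict)] for every line that hits the endpoint."""
    out = []
    for line in lines:
        verdict = classify(line, roles_by_user)
        if verdict is not None:
            out.append((line, verdict))
    return out

# Constructed sample data: roles as declared per user, and a few log lines.
SAMPLE_ROLES = {"root": {"administrator"}, "auditor": {"read_only"}, "qa": {"compliance"}}
SAMPLE_LOG = [
    "2024-01-01T10:00:00Z root POST /rudder/api/latest/usermanagement/update/auditor fields=password",
    "2024-01-01T10:01:00Z auditor POST /rudder/api/latest/usermanagement/update/root fields=password",
    "2024-01-01T10:02:00Z qa POST /rudder/api/latest/usermanagement/update/qa fields=roles",
    "2024-01-01T10:03:00Z qa GET /rudder/api/latest/usermanagement/users",
]

if __name__ == "__main__":
    for line, verdict in triage(SAMPLE_LOG, SAMPLE_ROLES):
        print(verdict, "<-", line)
```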
Patches
#6386
Workarounds
None
References