Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Taskosaur Improper Role Assignment via Parameter Manipulation in User Registration
Vulnerability Description
Taskosaur is an open source project management platform with conversational AI for task execution in-app. In 1.0.0, the application does not properly validate or restrict the role parameter during the user registration process. An attacker can manually modify the request payload and assign themselves elevated privileges. Because the backend does not enforce role assignment restrictions or ignore client-supplied role parameters, the server accepts the manipulated value and creates the account with SUPER_ADMIN privileges. This allows any unauthenticated attacker to register a fully privileged administrative account.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
访问控制不恰当
Vulnerability Title
Taskosaur 安全漏洞
Vulnerability Description
Taskosaur是Taskosaur开源的一个结合对话式AI的项目管理平台。 Taskosaur 1.0.0版本存在安全漏洞,该漏洞源于用户注册过程中未正确验证角色参数,可能导致权限提升。
CVSS Information
N/A
Vulnerability Type
N/A