StudioCMS: IDOR in User Notification Preferences Allows Any Authenticated User to Modify Any User's Settings

StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.3, the updateUserNotifications endpoint accepts a user ID from the request payload and uses it to update that user's notification preferences. It checks that the caller is logged in but never verifies that the caller owns the target account (id !== userData.user.id). Any authenticated visitor can modify notification preferences for any user, including disabling admin notifications to suppress detection of malicious activity. This vulnerability is fixed in 0.4.3.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

通过用户控制密钥绕过授权机制

StudioCMS 安全漏洞

StudioCMS是StudioCMS开源的一个内容管理系统。 StudioCMS 0.4.3之前版本存在安全漏洞，该漏洞源于updateUserNotifications端点存在访问控制不当问题，可能导致任何经过身份验证的用户修改其他用户的通知偏好。

N/A

N/A