Miggo Logo

GHSA-3hfj-qcvj-4hx8: Leantime has Missing Authorization Check for Host Parameter

N/A

CVSS Score

Basic Information

CVE ID
-
EPSS Score
-
Published
2/21/2025
Updated
2/21/2025
KEV Status
No
Technology
TechnologyPHP

Technical Details

CVSS Vector
-
Package NameEcosystemVulnerable VersionsFirst Patched Version
leantime/leantimecomposer< 3.33.3

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from a missing authorization check when fetching user profiles. In Leantime's architecture, user profile handling is typically managed by a Users controller. The description explicitly references a 'Host' parameter manipulation, which suggests the function uses this parameter to identify the target user but fails to validate() if the current user has permission to view that data. While the exact code isn't available, the pattern aligns with common authorization flaws in MVC frameworks where user-controlled parameters are trusted without checks. The confidence is medium due to reliance on standard vulnerability patterns and the advisory's technical description.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

### *in*in* **s*ription *ppli**tion **s *un*tion*lity *or * us*r to vi*w pro*il* in*orm*tion. It *o*s not **v* *n impl*m*nt** *ut*oriz*tion ****k *or "*ost" p*r*m*t*r w*i** *llows * us*r to vi*w pro*il* in*orm*tion o* *not**r us*r *y r*pl**in* "*ost"

Reasoning

T** vuln*r**ility st*ms *rom * missin* *ut*oriz*tion ****k w**n **t**in* us*r pro*il*s. In L**ntim*'s *r**it**tur*, us*r pro*il* **n*lin* is typi**lly m*n**** *y * `Us*rs` *ontroll*r. T** **s*ription *xpli*itly r***r*n**s * '*ost' p*r*m*t*r m*nipul*t