[et_pb_section fb_built=\"1\" _builder_version=\"4.21.0\" _module_preset=\"default\" background_color=\"#2E353D\" custom_padding=\"||0px|||\" global_colors_info=\"{}\"][et_pb_row _builder_version=\"4.25.2\" _module_preset=\"default\" global_colors_info=\"{}\"][et_pb_column type=\"4_4\" _builder_version=\"4.21.0\" _module_preset=\"default\" global_colors_info=\"{}\"][et_pb_text _builder_version=\"4.27.4\" _module_preset=\"default\" custom_padding=\"||13px|||\" global_colors_info=\"{}\"]<\/p>\n
Product<\/strong>: agorum core open Agorum core open fails to check for administrative credentials on a large list of endpoints, allowing low privileged users to access admin functionality. This includes downloading server logs and stack traces, mass deleting files, changing access rights on uploaded files and more. The following endpoints and their functionality can be accessed as a low privileged user.<\/p>\n Furthermore, the endpoints listed below can be accessed without authentication on the first launch after a fresh installation.<\/p>\n <\/p>\n The following line can be added or adjusted in the given .jsp<\/strong> files to restrict access to administrative users only.<\/p>\n Users of agorum core open can upgrade to versions 11.9.2 or 11.10.1.<\/p>\n
Affected Version<\/strong>: 1.9.1.3-1857
Vulnerability Type<\/strong>: Incorrect Authorization (CWE-863)
Security Risk<\/strong>: High
Vendor<\/strong>: agorum\u00ae Software GmbH
Vendor URL<\/strong>: https:\/\/www.agorum.com\/<\/a>
Vendor acknowledged vulnerability<\/strong>: Yes
Vendor Status<\/strong>: Fixed
CVE Number<\/strong>: Requested
CVE Link<\/strong>: Requested
Advisory ID<\/strong>: usd-2025-0028<\/p>\nDescription<\/h3>\n
Additionally, after the first launch of a fresh installation, some of these endpoints are accessible without any authentication whatsoever. This allows for the listing of directories and endpoints in agorum core open, as well as downloading server logs and stack traces.<\/p>\nProof of Concept<\/h3>\n
\n
\n
Fix<\/h3>\n
<\/span>if<\/span> <\/span>(<\/span>sessionController<\/span> <\/span>!=<\/span> <\/span>null<\/span> <\/span>&&<\/span> <\/span>sessionController<\/span>.<\/span>isAdminEnabled<\/span>())<\/span> <\/span>{<\/span> <\/span>...<\/span> <\/span>}
<\/span><\/pre>\n<\/div>\n<\/h3>\n
<\/h3>\n
References<\/h3>\n