
Race Condition Vulnerability that makes users lose privileges

Open · superoo1 opened this issue 2 years ago · 1 comment

In the code at https://github.com/anerg2046/go-admin-server/blob/master/app/http/repo/Role.go, the function Assign, when giving someone privileges, first removes all of the user's privileges. Under some race conditions this makes the user lose their privileges.

(screenshot: rce_condition)

Exploit: request the API from 50 threads.

(screenshot: threads)

Common users have no privileges, and the slow SQL log shows all of the user's casbin_rule rows being deleted.

(screenshot: slow_log)

And you cannot log in to the system.

(screenshot: cant_login)

superoo1 · Aug 03 '23 03:08
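The window the report describes, as an added example that is not part of the original issue and not go-admin-server's or casbin's code: an in-memory map stands in for the casbin_rule table, AssignRacy performs the delete-then-insert pattern the report describes as two separate steps, AssignSafe performs the same two steps as one atomic unit (the role a single database transaction or a serialized enforcer plays), and Hammer repeats the reporter's 50-thread test while a checker keeps reading the user's roles. All type and function names and the user "alice" are assumptions made for the illustration; the example shows only the interval in which every permission check for the user fails, not the database-specific outcome in the reporter's screenshots.

```go
package main

import (
	"fmt"
	"sync"
	"time"
)

// RuleStore stands in for the casbin_rule table in this constructed example
// (it is not go-admin-server's or casbin's code). It maps a user to the roles
// currently granted to that user. Each lock/unlock pair below models one SQL
// statement that commits on its own.
type RuleStore struct {
	mu    sync.RWMutex
	rules map[string][]string
}

func NewRuleStore() *RuleStore {
	return &RuleStore{rules: make(map[string][]string)}
}

// Roles is what a login or authorization check reads.
func (s *RuleStore) Roles(user string) []string {
	s.mu.RLock()
	defer s.mu.RUnlock()
	return append([]string(nil), s.rules[user]...)
}

// AssignRacy follows the pattern the issue describes: delete every rule for
// the user, then insert the new ones, as two independent statements. Between
// them the user has no rules at all, and any concurrent check observes that.
func (s *RuleStore) AssignRacy(user string, roles []string) {
	s.mu.Lock()
	delete(s.rules, user) // statement 1: remove all of the user's rules
	s.mu.Unlock()

	time.Sleep(time.Millisecond) // the round trip between the two statements

	s.mu.Lock()
	s.rules[user] = append([]string(nil), roles...) // statement 2: insert the new rules
	s.mu.Unlock()
}

// AssignSafe runs the same two steps inside one critical section, the way a
// single database transaction or a serialized enforcer would. Readers block
// while it runs and then see the new set; they never see the empty one.
func (s *RuleStore) AssignSafe(user string, roles []string) {
	s.mu.Lock()
	defer s.mu.Unlock()
	delete(s.rules, user)
	time.Sleep(time.Millisecond)
	s.rules[user] = append([]string(nil), roles...)
}

// Hammer reproduces the reporter's test: it fires `writers` concurrent
// assignments for a user who already holds `roles`, while a checker keeps
// reading the user's roles, and returns how many reads found the user with
// no roles at all. The store must be populated for the user before the call.
func Hammer(s *RuleStore, assign func(*RuleStore, string, []string), user string, roles []string, writers int) int {
	var wg sync.WaitGroup
	for i := 0; i < writers; i++ {
		wg.Add(1)
		go func() {
			defer wg.Done()
			assign(s, user, roles)
		}()
	}
	done := make(chan struct{})
	go func() {
		wg.Wait()
		close(done)
	}()

	empty := 0
	for {
		select {
		case <-done:
			return empty
		default:
			if len(s.Roles(user)) == 0 {
				empty++ // a login attempt at this instant would be refused
			}
			time.Sleep(20 * time.Microsecond)
		}
	}
}

func main() {
	roles := []string{"admin", "ops"}
	for name, assign := range map[string]func(*RuleStore, string, []string){
		"delete-then-insert": (*RuleStore).AssignRacy,
		"atomic replace":     (*RuleStore).AssignSafe,
	} {
		s := NewRuleStore()
		s.AssignSafe("alice", roles) // alice starts out fully privileged
		n := Hammer(s, assign, "alice", roles, 50)
		fmt.Printf("%-19s reads with no roles: %d, final roles: %v\n", name, n, s.Roles("alice"))
	}
}
```

Run it with `go run`: the delete-then-insert store reports a non-zero number of reads that found no roles, the atomic one reports zero, and in this model both end with the intended roles, which is why the problem only surfaces under concurrent load and not in a single sequential test.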

Casbin has been switched to multi-goroutine mode; please update the lib submodule. In fact, the core of this problem is a casbin problem, because everything ultimately has to land in the database, and if the database operation goes wrong, casbin's permission management goes wrong. That said, in general, permission operations on users do not run into concurrency problems.

anerg2046 · Aug 03 '23 07:08