{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/praisonai-platform/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["praisonai-platform"],"_cs_severities":["high"],"_cs_tags":["idor","vulnerability","privilege-escalation","collection","impact","cloud"],"_cs_type":"advisory","_cs_vendors":["Praison AI"],"content_html":"\u003cp\u003eThe praisonai-platform is vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability affecting label management endpoints. The vulnerability resides in \u003ccode\u003esrc/praisonai-platform/praisonai_platform/services/label_service.py\u003c/code\u003e (lines 35-100) and \u003ccode\u003esrc/praisonai-platform/praisonai_platform/api/routes/labels.py\u003c/code\u003e (lines 42-106), and is tracked as CVE-2026-47414. Specifically, the application fails to validate if the \u003ccode\u003elabel_id\u003c/code\u003e and \u003ccode\u003eissue_id\u003c/code\u003e provided in API requests belong to the workspace associated with the request. Instead, it relies solely on \u003ccode\u003erequire_workspace_member(workspace_id)\u003c/code\u003e for access control, without extending this validation to the data layer. This allows an attacker with valid credentials for one workspace to manipulate labels and issue associations in other workspaces. The affected package is \u003ccode\u003epip/praisonai-platform\u003c/code\u003e with versions 0.1.2 and earlier.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker registers a workspace \u003ccode\u003eW_attacker\u003c/code\u003e and obtains a valid authentication token for this workspace.\u003c/li\u003e\n\u003cli\u003eThe attacker identifies \u003ccode\u003elabel_id\u003c/code\u003e (\u003ccode\u003eL_T\u003c/code\u003e) and \u003ccode\u003eissue_id\u003c/code\u003e (\u003ccode\u003eI_T\u003c/code\u003e) from a target workspace \u003ccode\u003eW_target\u003c/code\u003e. These IDs can be harvested from responses (e.g., \u003ccode\u003elist_labels\u003c/code\u003e for attacker\u0026rsquo;s workspace, or from issue records, activity feeds, exported dumps or error messages of the target workspace).\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a \u003ccode\u003ePATCH\u003c/code\u003e request to \u003ccode\u003e/workspaces/W_attacker/labels/L_T\u003c/code\u003e with a malicious payload to rename or recolor the label. This bypasses access control because the application only checks the attacker\u0026rsquo;s workspace membership, not whether the label belongs to that workspace.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eLabelService.update(L_T, ...)\u003c/code\u003e function is called, modifying the foreign label in the database without proper authorization, resulting in the label\u0026rsquo;s name and color being changed across the target workspace.\u003c/li\u003e\n\u003cli\u003eThe attacker can send a \u003ccode\u003eDELETE\u003c/code\u003e request to \u003ccode\u003e/workspaces/W_attacker/labels/L_T\u003c/code\u003e. The \u003ccode\u003eLabelService.delete(L_T)\u003c/code\u003e function is called, deleting the label from the database and potentially disrupting associations within the target workspace.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a \u003ccode\u003ePOST\u003c/code\u003e request to \u003ccode\u003e/workspaces/W_attacker/issues/I_T/labels/L_T2\u003c/code\u003e to attach a foreign label \u003ccode\u003eL_T2\u003c/code\u003e to a foreign issue \u003ccode\u003eI_T\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eLabelService.add_to_issue(I_T, L_T2)\u003c/code\u003e function is executed, writing the association row without validating that either the issue or label ID belong to the attacker\u0026rsquo;s workspace.\u003c/li\u003e\n\u003cli\u003eThe attacker now has the ability to rewrite and delete labels from other workspaces, attach arbitrary labels to issues in other workspaces, detach valid labels from issues in other workspaces, and read the current label set on any issue.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this IDOR vulnerability allows an attacker to rename and delete labels across workspaces, attach and detach labels on issues in unauthorized workspaces, and list label assignments for any issue. This can lead to data corruption, disruption of triage workflows due to incorrect labeling, and unauthorized information disclosure. The vulnerability has a CVSS score of 6.3 (sec-moderate) with high integrity damage, low confidentiality impact, and low availability impact. If combined with the IssueService IDOR, an attacker can tamper with both the issue and its labels, making detection even more difficult.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the suggested fix provided in the advisory to \u003ccode\u003esrc/praisonai-platform/praisonai_platform/services/label_service.py\u003c/code\u003e and \u003ccode\u003esrc/praisonai-platform/praisonai_platform/api/routes/labels.py\u003c/code\u003e to ensure workspace validation for label and issue IDs.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Cross-Workspace Label Modification via IDOR\u0026rdquo; to identify malicious \u003ccode\u003ePATCH\u003c/code\u003e requests attempting to modify labels using a workspace ID mismatch.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Cross-Workspace Label Deletion via IDOR\u0026rdquo; to identify malicious \u003ccode\u003eDELETE\u003c/code\u003e requests attempting to delete labels using a workspace ID mismatch.\u003c/li\u003e\n\u003cli\u003eUpgrade \u003ccode\u003epip/praisonai-platform\u003c/code\u003e to a version greater than 0.1.2 to mitigate CVE-2026-47414.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-29T22:51:38Z","date_published":"2026-05-29T22:51:38Z","id":"https://feed.craftedsignal.io/briefs/2026-05-praisonai-idor/","summary":"Praison AI's praisonai-platform is vulnerable to an insecure direct object reference (IDOR) in the label endpoints (CVE-2026-47414), allowing cross-workspace label modification and information disclosure due to improper validation of label and issue IDs.","title":"praisonai-platform: Cross-Workspace Label IDOR Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-05-praisonai-idor/"},{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["PraisonAI Platform"],"_cs_severities":["critical"],"_cs_tags":["authorization","privilege-escalation","workspace-bypass"],"_cs_type":"threat","_cs_vendors":["PraisonAI"],"content_html":"\u003cp\u003ePraisonAI Platform is vulnerable to an object-level authorization flaw in its workspace-scoped REST routes. This vulnerability, disclosed on May 29, 2026, allows an authenticated user belonging to one workspace (e.g., \u003ccode\u003eworkspace_attacker\u003c/code\u003e) to bypass intended access controls and interact with objects (agents, projects, issues, comments) belonging to another workspace (e.g., \u003ccode\u003eworkspace_victim\u003c/code\u003e). The vulnerability stems from the service layer resolving target objects by global UUID without validating workspace membership after initial authorization, leading to a breach of workspace isolation. Successful exploitation enables unauthorized data access, modification, and deletion, impacting data confidentiality, integrity, and availability across different workspaces in the PraisonAI Platform.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker creates an account on the PraisonAI Platform.\u003c/li\u003e\n\u003cli\u003eAttacker logs into the PraisonAI Platform and creates a workspace named \u003ccode\u003eworkspace_attacker\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eVictim creates an account on the PraisonAI Platform.\u003c/li\u003e\n\u003cli\u003eVictim logs into the PraisonAI Platform and creates a workspace named \u003ccode\u003eworkspace_victim\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eVictim creates an agent (or project, issue, or comment) within \u003ccode\u003eworkspace_victim\u003c/code\u003e, obtaining the global UUID of the object (\u003ccode\u003evictim_agent_id\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eAttacker crafts a request to a workspace-scoped route (e.g., \u003ccode\u003e/api/v1/workspaces/{workspace_attacker}/agents/{victim_agent_id}\u003c/code\u003e) supplying their workspace ID and the victim\u0026rsquo;s object UUID.\u003c/li\u003e\n\u003cli\u003eThe server authenticates the attacker based on their membership in \u003ccode\u003eworkspace_attacker\u003c/code\u003e, but retrieves the victim\u0026rsquo;s object from \u003ccode\u003eworkspace_victim\u003c/code\u003e using the provided UUID without validating its workspace association.\u003c/li\u003e\n\u003cli\u003eAttacker reads, modifies, or deletes the victim\u0026rsquo;s object, successfully breaching workspace isolation.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows an attacker with access to any workspace to access, modify, and delete data belonging to other workspaces within the PraisonAI Platform. This could lead to unauthorized data breaches, data corruption, and denial of service for legitimate users. The number of affected users and organizations depends on the deployment size of the PraisonAI Platform.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect PraisonAI Platform Cross-Workspace Agent Access\u003c/code\u003e to identify attempts to access agents in different workspaces based on workspace ID and agent ID.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect PraisonAI Platform Cross-Workspace Project Access\u003c/code\u003e to identify attempts to access projects in different workspaces based on workspace ID and project ID.\u003c/li\u003e\n\u003cli\u003eExamine webserver logs for unusual patterns in requests to the agent, project, issue, and comment API routes to detect potential exploitation attempts (logsource: webserver).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-29T22:39:55Z","date_published":"2026-05-29T22:39:55Z","id":"https://feed.craftedsignal.io/briefs/2026-05-praisonai-workspace-bypass/","summary":"PraisonAI Platform's workspace-scoped REST routes have an object-level authorization flaw allowing authenticated users from one workspace to access, modify, and delete objects in another workspace by providing the victim object's global UUID.","title":"PraisonAI Platform Workspace Cross-Access Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-05-praisonai-workspace-bypass/"}],"language":"en","title":"CraftedSignal Threat Feed — Praisonai-Platform","version":"https://jsonfeed.org/version/1.1"}