{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/praison-ai/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["praisonai-platform (\u003c= 0.1.2)"],"_cs_severities":["high"],"_cs_tags":["authorization","privilege-escalation","denial-of-service"],"_cs_type":"advisory","_cs_vendors":["Praison AI"],"content_html":"\u003cp\u003eAn authorization bypass vulnerability exists in the praisonai-platform version 0.1.2 and earlier. The vulnerability resides in the \u003ccode\u003eDELETE /workspaces/{workspace_id}/members/{user_id}\u003c/code\u003e endpoint. Due to insufficient access controls, any member of a workspace, regardless of their role, can remove any other member, including the workspace owner. This is because the endpoint is only gated by \u003ccode\u003erequire_workspace_member(workspace_id)\u003c/code\u003e with a default \u003ccode\u003emin_role=\u0026quot;member\u0026quot;\u003c/code\u003e. There is no caller-role check, no target-role check, and no protection against removing the last owner. 
This lack of proper authorization checks allows a malicious member to lock out the legitimate owner and potentially take over the workspace.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker becomes a member of workspace \u003ccode\u003eW\u003c/code\u003e with the \u0026ldquo;member\u0026rdquo; role.\u003c/li\u003e\n\u003cli\u003eAttacker enumerates members of workspace \u003ccode\u003eW\u003c/code\u003e via \u003ccode\u003eGET /workspaces/W/members\u003c/code\u003e to discover the workspace owner\u0026rsquo;s \u003ccode\u003euser_id\u003c/code\u003e (\u003ccode\u003eO_id\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eAttacker sends a \u003ccode\u003eDELETE /workspaces/W/members/O_id\u003c/code\u003e request with their valid JWT.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003erequire_workspace_member(W, attacker)\u003c/code\u003e check passes, as the attacker is a member of the workspace.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eMemberService.remove(W, O_id)\u003c/code\u003e is called, which removes the owner\u0026rsquo;s member record from the database.\u003c/li\u003e\n\u003cli\u003eThe owner attempts to access workspace resources, such as \u003ccode\u003eGET /workspaces/W/...\u003c/code\u003e, but \u003ccode\u003erequire_workspace_member(W, O_id)\u003c/code\u003e now fails, resulting in a 403 error.\u003c/li\u003e\n\u003cli\u003eThe legitimate owner is locked out of their own workspace.\u003c/li\u003e\n\u003cli\u003eThe attacker can potentially combine this with other vulnerabilities (e.g., \u003ccode\u003eupdate_member_role\u003c/code\u003e, \u003ccode\u003edelete_workspace\u003c/code\u003e) to promote themselves to owner and/or completely wipe the workspace, further exacerbating the impact.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows any member of a workspace to remove any other 
member, including the workspace owner. This leads to a permanent denial-of-service for the legitimate owner, as they are locked out of their own workspace. An attacker can potentially gain full control of the workspace and its resources. This vulnerability is rated as sec-high, with a CVSS score of 8.1. Versions 0.1.2 and earlier are affected.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the patch suggested in the advisory, specifically modifying \u003ccode\u003esrc/praisonai-platform/praisonai_platform/api/routes/workspaces.py\u003c/code\u003e to include stricter role checks and owner protection logic.\u003c/li\u003e\n\u003cli\u003eImplement a detection rule to identify unauthorized attempts to remove workspace owners, focusing on \u003ccode\u003ewebserver\u003c/code\u003e logs and the \u003ccode\u003eDELETE /workspaces/{workspace_id}/members/{user_id}\u003c/code\u003e endpoint (see Sigma rule below).\u003c/li\u003e\n\u003cli\u003eReview and harden other workspace-mutation endpoints to ensure proper authorization checks, as the advisory mentions similar vulnerabilities in companion endpoints.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-29T22:57:51Z","date_published":"2026-05-29T22:57:51Z","id":"https://feed.craftedsignal.io/briefs/2026-05-praisonai-platform-takeover/","summary":"An authorization bypass vulnerability exists in praisonai-platform where any member can remove any other member, including the workspace owner, due to missing role checks and owner protection logic, allowing an attacker to lock the legitimate owner out of their own workspace, leading to a permanent denial-of-service and potential workspace takeover (CVE-2026-47409).","title":"Praison AI Platform Missing Authorization Leads to Workspace 
Takeover","url":"https://feed.craftedsignal.io/briefs/2026-05-praisonai-platform-takeover/"},{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["praisonai-platform"],"_cs_severities":["high"],"_cs_tags":["idor","vulnerability","privilege-escalation","collection","impact","cloud"],"_cs_type":"advisory","_cs_vendors":["Praison AI"],"content_html":"\u003cp\u003eThe praisonai-platform is vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability affecting label management endpoints. The vulnerability resides in \u003ccode\u003esrc/praisonai-platform/praisonai_platform/services/label_service.py\u003c/code\u003e (lines 35-100) and \u003ccode\u003esrc/praisonai-platform/praisonai_platform/api/routes/labels.py\u003c/code\u003e (lines 42-106), and is tracked as CVE-2026-47414. Specifically, the application fails to validate if the \u003ccode\u003elabel_id\u003c/code\u003e and \u003ccode\u003eissue_id\u003c/code\u003e provided in API requests belong to the workspace associated with the request. Instead, it relies solely on \u003ccode\u003erequire_workspace_member(workspace_id)\u003c/code\u003e for access control, without extending this validation to the data layer. This allows an attacker with valid credentials for one workspace to manipulate labels and issue associations in other workspaces. 
The affected package is \u003ccode\u003epip/praisonai-platform\u003c/code\u003e with versions 0.1.2 and earlier.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker registers a workspace \u003ccode\u003eW_attacker\u003c/code\u003e and obtains a valid authentication token for this workspace.\u003c/li\u003e\n\u003cli\u003eThe attacker identifies \u003ccode\u003elabel_id\u003c/code\u003e (\u003ccode\u003eL_T\u003c/code\u003e) and \u003ccode\u003eissue_id\u003c/code\u003e (\u003ccode\u003eI_T\u003c/code\u003e) from a target workspace \u003ccode\u003eW_target\u003c/code\u003e. These IDs can be harvested from responses (e.g., \u003ccode\u003elist_labels\u003c/code\u003e for attacker\u0026rsquo;s workspace, or from issue records, activity feeds, exported dumps or error messages of the target workspace).\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a \u003ccode\u003ePATCH\u003c/code\u003e request to \u003ccode\u003e/workspaces/W_attacker/labels/L_T\u003c/code\u003e with a malicious payload to rename or recolor the label. This bypasses access control because the application only checks the attacker\u0026rsquo;s workspace membership, not whether the label belongs to that workspace.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eLabelService.update(L_T, ...)\u003c/code\u003e function is called, modifying the foreign label in the database without proper authorization, resulting in the label\u0026rsquo;s name and color being changed across the target workspace.\u003c/li\u003e\n\u003cli\u003eThe attacker can send a \u003ccode\u003eDELETE\u003c/code\u003e request to \u003ccode\u003e/workspaces/W_attacker/labels/L_T\u003c/code\u003e. 
The \u003ccode\u003eLabelService.delete(L_T)\u003c/code\u003e function is called, deleting the label from the database and potentially disrupting associations within the target workspace.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a \u003ccode\u003ePOST\u003c/code\u003e request to \u003ccode\u003e/workspaces/W_attacker/issues/I_T/labels/L_T2\u003c/code\u003e to attach a foreign label \u003ccode\u003eL_T2\u003c/code\u003e to a foreign issue \u003ccode\u003eI_T\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003eLabelService.add_to_issue(I_T, L_T2)\u003c/code\u003e function is executed, writing the association row without validating that either the issue ID or the label ID belongs to the attacker\u0026rsquo;s workspace.\u003c/li\u003e\n\u003cli\u003eThe attacker now has the ability to rewrite and delete labels from other workspaces, attach arbitrary labels to issues in other workspaces, detach valid labels from issues in other workspaces, and read the current label set on any issue.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this IDOR vulnerability allows an attacker to rename and delete labels across workspaces, attach and detach labels on issues in unauthorized workspaces, and list label assignments for any issue. This can lead to data corruption, disruption of triage workflows due to incorrect labeling, and unauthorized information disclosure. The vulnerability has a CVSS score of 6.3 (sec-moderate) with high integrity impact, low confidentiality impact, and low availability impact. 
If combined with the IssueService IDOR, an attacker can tamper with both the issue and its labels, making detection even more difficult.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply the suggested fix provided in the advisory to \u003ccode\u003esrc/praisonai-platform/praisonai_platform/services/label_service.py\u003c/code\u003e and \u003ccode\u003esrc/praisonai-platform/praisonai_platform/api/routes/labels.py\u003c/code\u003e to ensure workspace validation for label and issue IDs.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Cross-Workspace Label Modification via IDOR\u0026rdquo; to identify malicious \u003ccode\u003ePATCH\u003c/code\u003e requests attempting to modify labels using a workspace ID mismatch.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Cross-Workspace Label Deletion via IDOR\u0026rdquo; to identify malicious \u003ccode\u003eDELETE\u003c/code\u003e requests attempting to delete labels using a workspace ID mismatch.\u003c/li\u003e\n\u003cli\u003eUpgrade \u003ccode\u003epip/praisonai-platform\u003c/code\u003e to a version greater than 0.1.2 to mitigate CVE-2026-47414.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-29T22:51:38Z","date_published":"2026-05-29T22:51:38Z","id":"https://feed.craftedsignal.io/briefs/2026-05-praisonai-idor/","summary":"Praison AI's praisonai-platform is vulnerable to an insecure direct object reference (IDOR) in the label endpoints (CVE-2026-47414), allowing cross-workspace label modification and information disclosure due to improper validation of label and issue IDs.","title":"praisonai-platform: Cross-Workspace Label IDOR Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-05-praisonai-idor/"}],"language":"en","title":"CraftedSignal Threat Feed — Praison AI","version":"https://jsonfeed.org/version/1.1"}