
Unauthorized access existed in the Taier. Procedure

Open laoquanshi opened this issue 2 years ago • 3 comments

Search before asking

  • [X] I had searched in the issues and found no similar issues.

What happened

An unauthorized access vulnerability exists in the Taier login module. The vulnerability arises because the execution scheduling application's getCookie method does not check whether the content of the passed parameter belongs to a user of this platform, so any user can access the /Taier/API/tenant/listTenant interface to steal the tenant's data within the application platform and have access to all the sensitive information on the application form.

What you expected to happen

image

How to reproduce

The getCookie method is found in init.tsx. It can be seen that the getCookie method does not verify whether the content of the passed parameter belongs to a user of this platform.

Anything else

No response

Version

v1.3

Are you willing to submit PR?

  • [X] Yes I am willing to submit a PR!

Code of Conduct

laoquanshi avatar Mar 14 '23 10:03 laoquanshi

Added authentication to intercept: mark it :) thx

Jixiangup avatar Mar 31 '23 04:03 Jixiangup

You're welcome. Don't close this issue any time soon.

laoquanshi avatar Mar 31 '23 06:03 laoquanshi

> You're welcome. Don't close this issue any time soon.

Sure! We will close this issue after solving this problem, and we also welcome any PR from you, whether it is docs, feat, or bug fix! At the same time, there may be more changes that need to be made to address this issue, and we need to arrange more time to sort out each API.

Jixiangup avatar Mar 31 '23 06:03 Jixiangup
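
The check the issue asks for, and the interception fix mentioned in the first reply, sketched as an added example (not part of the thread and not Taier's code): a guard that accepts any cookie value beside one that resolves the token to a platform session on the server. The cookie name `token`, the session store, the `/login` allow-list entry and all function names are assumptions; the flawed guard is an assumed model of the reported behaviour.

```typescript
// Added illustration; all names are hypothetical, none of this is Taier's code.
type Req = { path: string; headers: Record<string, string | undefined> };
type Res = { status: number; body: unknown };
type Session = { userId: number; expiresAt: number };

// Constructed sample data: one live and one expired platform session.
const NOW = 1700000000000; // fixed clock so the example is deterministic
const sessions = new Map<string, Session>([
  ["tok-live-1", { userId: 7, expiresAt: NOW + 60000 }],
  ["tok-old-2", { userId: 8, expiresAt: NOW - 1 }],
]);
const tenants = [{ tenantId: 1, tenantName: "demo" }];
const LIST_TENANT = "/Taier/API/tenant/listTenant"; // path as written in the issue
const PUBLIC_PATHS = new Set<string>(["/login"]); // hypothetical allow-list

// Split a Cookie header into name/value pairs.
function parseCookies(header: string | undefined): Map<string, string> {
  const out = new Map<string, string>();
  for (const part of (header ?? "").split(";")) {
    const i = part.indexOf("=");
    if (i > 0) out.set(part.slice(0, i).trim(), part.slice(i + 1).trim());
  }
  return out;
}

// Weak guard (assumed model of the reported flaw): the cookie is read but
// never tied to a platform user, so any non-empty value passes.
function weakGuard(req: Req): boolean {
  return (parseCookies(req.headers["cookie"]).get("token") ?? "") !== "";
}

// Strict guard: the token must resolve server-side to an unexpired session.
function strictGuard(req: Req): boolean {
  const token = parseCookies(req.headers["cookie"]).get("token");
  const session = token === undefined ? undefined : sessions.get(token);
  return session !== undefined && session.expiresAt > NOW;
}

// Interceptor: every path outside the allow-list needs the guard to pass,
// so a route added later is denied by default rather than left open.
function intercept(req: Req, guard: (r: Req) => boolean): Res {
  if (!PUBLIC_PATHS.has(req.path) && !guard(req)) {
    return { status: 401, body: { message: "not logged in" } };
  }
  if (req.path === LIST_TENANT) return { status: 200, body: tenants };
  return { status: 404, body: null };
}
```

Because the interceptor denies by default, routes do not each need their own check, which matters when every API has to be reviewed.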