In Veracode Detailed Report This following two db collection generating security issue.
- Db.collections.SharedWorkflow
- Db.collections.User
can you assist me to solved this Authorization Bypass Through User-Controlled Key issue.
Hey @Tanay_Acro,
Can you share exactly what Veracode is reporting as an issue? I suspect it is a false positive which pop up a lot when using automated tools.
Hey @Tanay_Acro,
I would start with an upgrade, Looking at that description I am not sure how it would apply to those tables though.
In theory you could make a request to a different ID but you won’t get the credentials back it will instead throw an error and it would also require you to be authenticated unless you are the owner account which has access to everything, This issue looks like it is saying by setting the id in the request you can gain access to something you shouldn’t which isn’t the case.
To me it looks like a false positive but you are also on an older release and we have made a few changes since that one.
Hi @Jon ,
It’s that issue is fixed on newer version. If yes then which version I need to upgrade can you assist me.
thank you.
Hey @Tanay_Acro,
You can try the latest release and check again but the information you provided is so vague with no PoC or validation it is hard to say.
This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.