

🕵️ Logitech: Privilege Escalation Leads to Control The Owner Access Token Which leads to control the stream [streamlabs.com]


News section: 🕵️ Vulnerabilities
🔗 Source: vulners.com


Hi Security team,

Summary:
I was able, as Administrator, to change the account owner's access token.

Description:
As Administrator I have high privileges, but I have some restricted areas {F1278364}

For example, I got an invitation from MrX with the Administrator role. When I navigated to MrX's account as administrator, I found all the menu items except the settings {F1278370}, so I tried to navigate to dashboard/#settings and I was able to access MrX's account settings! {F1278399}

I tried to use many features but couldn't, but found on API Settings --> API Tokens a cool feature that allowed me to refresh the API Access Token, which is part of a lot of requests (will describe in the impact section).

Steps to reproduce:
We need 2 accounts:
- MrX (account owner)
- MrMax

1. Using the MrX account, go to https://streamlabs.com/dashboard#/settings/shared-access and create an invitation with the administration role. Copy the link.
2. Open the link in your other browser, where you are logged in as MrMax, accept the invite, then click on MrX to access his account {F1278374}
3. You will get a message at the top that says "You are currently acting as MrX, click here to return to MrMax." Now navigate to https://streamlabs.com/dashboard#/settings/api-settings; you will see an empty Access token field. Click on Refresh, then Yes {F1278380}

Done ^ ^

Impact
The API Access Token is used in most API requests and a lot of other places, e.g. {F1278381}

Here is a list of URLs the token is used on. This list represents about 80% of the... ...
