๐ HackerOne: Improper data update process on UpdatePhabricatorIntegration mutation leads to leak of Phabricator Conduit API token.
๐ก Newskategorie: Sicherheitslรผcken
๐ Quelle: vulners.com
Details Title: Improper data update process on UpdatePhabricatorIntegration mutation leads to leak of Phabricator Conduit API token. Risk: High Impact: High Exploitability: High Target: base_url parameter on UpdatePhabricatorIntegration mutation at /graphql endpoint. Introduction Sensitive data exposure occurs when an application, company, or other entity inadvertently exposes personal data. Sensitive data exposure differs from a data breach, in which an attacker accesses and steals information. Synopsis Phabricator Conduit API is using simple verification system and requires a valid api token for system bots, integrations etc to get full access to the Phabricator instances. HackerOne is allowing their program users to add various integrations for their programs, such as Phabricator. When user with enough permissions adds connection details for the Phabricator system stores this information and enables settings options. Settings for Phabricator integration are fetched through GraphQL via using PhabricatorLayoutQuery operation, when executed users are fetching similar result as below (see F1262314): json { "data": { "team": { "id": "Z2lkOi8vaGFja2Vyb25lL1RlYW0vNTI1NzQ=", "phabricator_integration": { "id": "Z2lkOi8vaGFja2Vyb25lL1BoYWJyaWNhdG9ySW50ZWdyYXRpb24vNDA1", "__typename": "PhabricatorIntegration", "base_url": "https://skima.is/", "title": "{{title}}", "description": "{{details_markdown}}", ... ...