
CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

Speckle Server provides the server, frontend, 3D viewer, and other JavaScript utilities for the Speckle 3D data platform. A vulnerability in versions prior to 2.17.6 affects users who either authorized an application that requested a `token write` scope or, using frontend-2, created a Personal Access Token (PAT) with `token write` scope. When creating a new token, an agent needs to authorize the request with an existing token (the "requesting token"). The requesting token is required to have `token write` scope in order to generate new tokens. However, Speckle Server was not verifying that the other privileges granted to the new token did not exceed the privileges of the requesting token.

References:
https://github.com/specklesystems/speckle-server/commit/3689e1cd58ec4f06abee836af34889d6ce474571
https://github.com/specklesystems/speckle-server/releases/tag/2.17.6
https://github.com/specklesystems/speckle-server/security/advisories/GHSA-xpf3-5q5x-3qwh

CWE-1220: Insufficient Granularity of Access Control
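As an added example (not Speckle's code), the check the advisory describes as missing, written as a JavaScript mint-token routine in its vulnerable and hardened forms; scope names other than `token write` are constructed placeholders, as is the token object shape.

```javascript
// Illustrative token-minting check (added example, not Speckle Server code).
// Only 'token write' is named by the advisory; other scope names are constructed.
const TOKEN_WRITE = 'token write';

// Returns the requested scopes that the requesting token does not itself hold.
function scopesInExcess(requestingScopes, requestedScopes) {
  const held = new Set(requestingScopes);
  return requestedScopes.filter((s) => !held.has(s));
}

// Vulnerable pattern described in the advisory: only the 'token write'
// requirement on the requesting token is enforced, so any scopes can be minted.
function issueTokenVulnerable(requestingToken, requestedScopes) {
  if (!requestingToken.scopes.includes(TOKEN_WRITE)) {
    return { ok: false, reason: 'requesting token lacks token write scope' };
  }
  return { ok: true, token: { owner: requestingToken.owner, scopes: [...requestedScopes] } };
}

// Hardened pattern: the new token's scopes must also be a subset of the
// requesting token's scopes, so minting a token can never escalate privilege.
function issueTokenHardened(requestingToken, requestedScopes) {
  if (!requestingToken.scopes.includes(TOKEN_WRITE)) {
    return { ok: false, reason: 'requesting token lacks token write scope' };
  }
  const excess = scopesInExcess(requestingToken.scopes, requestedScopes);
  if (excess.length > 0) {
    return { ok: false, reason: `requested scopes exceed requesting token: ${excess.join(', ')}` };
  }
  // Deduplicate so the issued token carries each scope once.
  return { ok: true, token: { owner: requestingToken.owner, scopes: [...new Set(requestedScopes)] } };
}

// Constructed demo: a read-only token with 'token write' asks for write and admin scopes.
const requesting = { owner: 'alice', scopes: [TOKEN_WRITE, 'data:read'] };
const requested = ['data:read', 'data:write', 'admin'];
console.log(issueTokenVulnerable(requesting, requested).ok); // true: escalation succeeds
console.log(issueTokenHardened(requesting, requested));      // ok: false, lists data:write, admin
```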