Summary
Daytona: Cross-org IDOR in organization role update/delete — any org owner can rewrite or destroy another org's roles
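The title describes the classic IDOR shape on a tenant-scoped resource: the endpoint checks that the caller is an owner of an organization, but never checks that the role being updated or deleted belongs to that organization. The block below is an added illustration of that bug class beside its fix; it is a hypothetical in-memory model written for this page, not Daytona's code, and every name in it (Role, Actor, RoleStore, updateRoleVulnerable, updateRoleHardened, findRoleInOrg and the sample role and org ids) is an assumption.

```typescript
// Added illustration of the bug class named in the advisory title (cross-org
// IDOR on role update/delete). Hypothetical in-memory model, not Daytona's code.

type Role = { id: string; organizationId: string; name: string; permissions: string[] };
type Actor = { userId: string; organizationId: string; isOwner: boolean };
type RoleStore = Map<string, Role>;
type RolePatch = Partial<Pick<Role, "name" | "permissions">>;

// Constructed sample data: two organizations, each owning one custom role.
function makeSampleStore(): RoleStore {
  return new Map<string, Role>([
    ["role-a1", { id: "role-a1", organizationId: "org-a", name: "deployer", permissions: ["workspace:write"] }],
    ["role-b1", { id: "role-b1", organizationId: "org-b", name: "viewer", permissions: ["workspace:read"] }],
  ]);
}

function requireOwner(actor: Actor): void {
  if (!actor.isOwner) throw new Error("forbidden: organization owner required");
}

// VULNERABLE: authorization only asks "is the caller an owner of *an* org".
// The role is fetched by id alone, so the caller's org and the role's org are
// never compared; an owner of org-b can rewrite or delete org-a's roles.
function updateRoleVulnerable(store: RoleStore, actor: Actor, roleId: string, patch: RolePatch): Role {
  requireOwner(actor);
  const role = store.get(roleId);
  if (!role) throw new Error("not found");
  Object.assign(role, patch);
  return role;
}

function deleteRoleVulnerable(store: RoleStore, actor: Actor, roleId: string): void {
  requireOwner(actor);
  if (!store.delete(roleId)) throw new Error("not found");
}

// HARDENED: resolve the role *within* the caller's organization (the query
// form `WHERE id = ? AND organization_id = ?`). A role that exists but belongs
// to another org is indistinguishable from one that does not exist, so the
// endpoint neither mutates nor confirms the existence of foreign roles.
function findRoleInOrg(store: RoleStore, roleId: string, organizationId: string): Role | undefined {
  const role = store.get(roleId);
  return role !== undefined && role.organizationId === organizationId ? role : undefined;
}

function updateRoleHardened(store: RoleStore, actor: Actor, roleId: string, patch: RolePatch): Role {
  requireOwner(actor);
  const role = findRoleInOrg(store, roleId, actor.organizationId);
  if (!role) throw new Error("not found");
  Object.assign(role, patch);
  return role;
}

function deleteRoleHardened(store: RoleStore, actor: Actor, roleId: string): void {
  requireOwner(actor);
  if (!findRoleInOrg(store, roleId, actor.organizationId)) throw new Error("not found");
  store.delete(roleId);
}

// Runs one mutation and reports whether it was allowed, for side-by-side comparison.
type Outcome = { allowed: boolean; error?: string };
function attempt(fn: () => unknown): Outcome {
  try {
    fn();
    return { allowed: true };
  } catch (e) {
    return { allowed: false, error: (e as Error).message };
  }
}

// Cross-org scenario: an owner of org-b targets org-a's role with both handlers.
const orgBOwner: Actor = { userId: "user-b", organizationId: "org-b", isOwner: true };

function crossOrgComparison(): { vulnerableUpdate: Outcome; hardenedUpdate: Outcome; vulnerableDelete: Outcome; hardenedDelete: Outcome } {
  const vuln = makeSampleStore();
  const hard = makeSampleStore();
  const patch: RolePatch = { permissions: ["*"] };
  return {
    vulnerableUpdate: attempt(() => updateRoleVulnerable(vuln, orgBOwner, "role-a1", patch)),
    hardenedUpdate: attempt(() => updateRoleHardened(hard, orgBOwner, "role-a1", patch)),
    vulnerableDelete: attempt(() => deleteRoleVulnerable(vuln, orgBOwner, "role-a1")),
    hardenedDelete: attempt(() => deleteRoleHardened(hard, orgBOwner, "role-a1")),
  };
}

console.log(crossOrgComparison());
```

The practical check when auditing an endpoint like this: find where the target object is loaded and confirm the tenant key from the authenticated session is part of that lookup, not just part of a separate "is the caller an owner" gate. Returning the same "not found" for foreign and nonexistent ids also avoids turning the endpoint into a cross-org id oracle.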
References
Related vulnerabilities
- CRITICAL GHSA-8FQ9-273G-6MRG: Avo: Missing Authorization in Avo Association Attach Endpoint Allows Unauthorized Relationship Manipulation and Privilege Escalation
- HIGH GHSA-VRHC-3FR6-PC3C: Open WebUI: Forged chat-file link allows cross-user file read and deletion
- MEDIUM GHSA-QWXF-2M7M-2M3X: Daytona: Cross-tenant data leak in notification WebSocket gateway via unverified organizationId join
- MEDIUM GHSA-P5CP-R7RG-QPXC: Open WebUI: RAG ACL Bypass in Milvus Multitenancy Mode
- MEDIUM GHSA-CX9V-4QJ2-JRW6: Open WebUI BOLA: `search_knowledge_files` Allows Unauthorized Knowledge Base File Enumeration
- MEDIUM GHSA-4R4W-2WGP-W7CJ: Open WebUI Prompt history IDOR: unbound history_id allows cross-prompt read and deletion