Advisory ID: DOPPLER-PSA-2021-001
Publication Date: 2021-09-30
Revision Date: 2021-09-30
Status: Confirmed, Fixed
Document Revision: 1

Overview

Doppler has found and resolved an issue that allowed users on a workspace to exceed their privileges against some endpoints. Customers are not required to take any action in response to this issue.

Doppler discovered the issue internally on Wednesday, September 22, 2021. Doppler delivered a fix to production and confirmed the issue had not been exploited by the next day, Thursday, September 23, 2021.

After comprehensive review of application activity logs, Doppler found no evidence of any customer having been affected by this issue.

Description

Doppler's Engineering Team discovered that certain endpoints on our server API (those for managing SCIM and for creating tokens for the SCIM and Audit APIs) had a code defect that allowed users belonging to a workspace to bypass permission checks. Doppler Engineering confirmed that the issue was only exploitable against workspaces of which the attacker was already a member.

Impact

An attacker with an account on a workspace could have changed SCIM settings and created tokens for use with the SCIM and Audit APIs.

Solution

A code fix remediating this vulnerability has already been deployed to the Doppler infrastructure. No action is necessary from customers. Because no exploitation occurred, no further remediation is necessary.

Vulnerability Metrics

Vulnerability Class: CWE-285: Improper Authorization
Remotely Exploitable: Yes
Authentication Required: Yes
Severity: High
CVSSv3.1 Overall Score: 8.8
CVSSv3.1 Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Timeline

Sep. 22, 2021 03:29 AM UTC

Doppler Engineering notifies Doppler's Security Team about the issue.

Sep. 22, 2021 03:25 PM UTC

Doppler identifies and confirms the root cause.

Sep. 23, 2021 12:19 AM UTC

Doppler completes deployment of patched code to production and verifies the issue no longer exists.