CVE-2026-24035
BaseFortify
Publication date: 2026-01-22
Last updated on: 2026-01-29
Assigner: GitHub, Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| horilla | horilla | 1.4.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Improper Access Control issue in Horilla HR Software versions 1.4.0 up to but not including 1.5.0. It allows any authenticated employee to upload documents on behalf of another employee without proper authorization. This happens because the server does not properly validate the employee_id parameter during file upload operations, enabling an attacker to modify the employee_id in the upload request to impersonate another employee and upload documents as if they were that employee. [2]
How can this vulnerability impact me?
The vulnerability allows any authenticated user to upload documents on behalf of any other employee, which compromises data integrity by enabling unauthorized modification of employee records. This could lead to incorrect or malicious documents being associated with employees, potentially causing confusion, misinformation, or misuse of employee data within the HR system. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring network traffic for POST requests to the endpoint `/employee/file-upload/6` whose multipart/form-data payload carries a manipulated `employee_id` parameter. Specifically, look for authenticated users submitting upload requests in which the `employee_id` does not match their own. Network traffic analysis tools such as tcpdump or Wireshark can capture HTTP POST requests, which you then filter for the `/employee/file-upload/6` endpoint and inspect for the `employee_id` field in the request payload. For example, with tcpdump: `tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep -i 'employee/file-upload/6'`, then manually inspect the multipart form data for unauthorized `employee_id` values. [2]
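The packet-capture approach above only sees plaintext HTTP on port 80; behind TLS, the same check is better run on request records kept by the application or a reverse proxy that logs bodies. The script below is an added example, not Horilla's code and not part of the BaseFortify page: it parses the multipart/form-data body of each POST to `/employee/file-upload/<n>`, extracts the `employee_id` field, and flags requests where that id is not the requester's own. The request records, the username-to-employee-id mapping (`EMPLOYEE_OF_USER`) and the HR-staff exemption list are constructed and hypothetical; the trailing number in the path is treated as opaque.

```python
"""Flag document uploads whose employee_id does not match the authenticated user.

Added example for CVE-2026-24035 (CWE-284 in the upload endpoint). Not Horilla
code: the request records and user-to-employee mapping below are constructed.
"""
import re
from email.parser import BytesParser
from email.policy import default

# Endpoint named in the advisory; the trailing number is not interpreted here.
UPLOAD_PATH = re.compile(r"^/employee/file-upload/\d+$")


def build_multipart(boundary, employee_id, filename):
    """Build a constructed multipart/form-data body shaped like a browser upload."""
    crlf = b"\r\n"
    b = boundary.encode()
    return (
        b"--" + b + crlf
        + b'Content-Disposition: form-data; name="employee_id"' + crlf + crlf
        + employee_id.encode() + crlf
        + b"--" + b + crlf
        + b'Content-Disposition: form-data; name="file"; filename="'
        + filename.encode() + b'"' + crlf
        + b"Content-Type: application/octet-stream" + crlf + crlf
        + b"%PDF-1.4 constructed placeholder content" + crlf
        + b"--" + b + b"--" + crlf
    )


def form_field(content_type, body, name):
    """Return the value of one multipart text field, or None if absent.

    The body is wrapped in a single Content-Type header so the stdlib
    email parser can split it on the multipart boundary.
    """
    raw = b"Content-Type: " + content_type.encode() + b"\r\n\r\n" + body
    msg = BytesParser(policy=default).parsebytes(raw)
    if not msg.is_multipart():
        return None
    for part in msg.iter_parts():
        if part.get_param("name", header="content-disposition") == name:
            return part.get_payload(decode=True).decode("utf-8", "replace").strip()
    return None


def find_spoofed_uploads(requests, employee_of_user, may_act_for_others=frozenset()):
    """Return findings for uploads whose employee_id is not the requester's own.

    requests: dicts with keys user, method, path, content_type, body
              (hypothetical source: an application audit log or proxy body log).
    employee_of_user: authenticated username -> that user's own employee_id.
    may_act_for_others: usernames (e.g. HR staff) allowed to upload for others.
    """
    findings = []
    for r in requests:
        if r["method"] != "POST" or not UPLOAD_PATH.match(r["path"]):
            continue
        claimed = form_field(r["content_type"], r["body"], "employee_id")
        if claimed is None or r["user"] in may_act_for_others:
            continue
        own = employee_of_user.get(r["user"])
        # The same comparison is what the server must enforce before accepting the file.
        if claimed != own:
            findings.append({
                "user": r["user"],
                "own_employee_id": own,
                "claimed_employee_id": claimed,
                "path": r["path"],
            })
    return findings


# --- constructed sample data (not captured from any real system) ---
BOUNDARY = "----ConstructedBoundary7e3a"
CONTENT_TYPE = "multipart/form-data; boundary=" + BOUNDARY
EMPLOYEE_OF_USER = {"alice": "12", "bob": "7", "hr.carol": "3"}

SAMPLE_REQUESTS = [
    # alice uploads for her own employee_id: benign
    {"user": "alice", "method": "POST", "path": "/employee/file-upload/6",
     "content_type": CONTENT_TYPE, "body": build_multipart(BOUNDARY, "12", "payslip.pdf")},
    # bob submits alice's employee_id: the pattern the advisory describes
    {"user": "bob", "method": "POST", "path": "/employee/file-upload/6",
     "content_type": CONTENT_TYPE, "body": build_multipart(BOUNDARY, "12", "contract.pdf")},
    # HR staff acting for another employee: exempt via may_act_for_others
    {"user": "hr.carol", "method": "POST", "path": "/employee/file-upload/6",
     "content_type": CONTENT_TYPE, "body": build_multipart(BOUNDARY, "12", "review.pdf")},
    # not a POST: ignored
    {"user": "alice", "method": "GET", "path": "/employee/file-upload/6",
     "content_type": "", "body": b""},
]


def demo():
    """Run the detection over the constructed sample; returns one finding (bob)."""
    return find_spoofed_uploads(SAMPLE_REQUESTS, EMPLOYEE_OF_USER, may_act_for_others={"hr.carol"})


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

`find_spoofed_uploads` deliberately compares the form value against the session's own employee id rather than trusting the request: that comparison, placed server-side before the file is stored, is the fix for this class of bug, and run over logged requests it is the detection. Tune `may_act_for_others` to whatever roles legitimately upload on behalf of others in your deployment.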
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade Horilla HR Software to version 1.5.0 or later, where this improper access control vulnerability has been fixed. Until the upgrade can be performed, restrict access to the file upload endpoint to only trusted users and monitor for suspicious upload activity. Additionally, consider implementing network-level controls to detect and block manipulated POST requests with unauthorized `employee_id` parameters. [2]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows any authenticated employee to upload documents on behalf of another employee without proper authorization, compromising data integrity by enabling unauthorized modification of employee records. This improper access control could lead to non-compliance with standards and regulations such as GDPR and HIPAA, which require strict controls over personal and sensitive data to ensure its integrity and prevent unauthorized access or modification. [2]