Executive Summary

[{'type': 'paragraph', 'content': "CVE-2026-31874 is a critical vulnerability in the Taskosaur project management platform version 1.0.0. The issue arises because the application does not properly validate or restrict the 'role' parameter during user registration. An attacker can manipulate the registration request payload to assign themselves elevated privileges, specifically the SUPER_ADMIN role."}, {'type': 'paragraph', 'content': 'Since the backend accepts the client-supplied role parameter without enforcement or ignoring it, it creates the account with full administrative privileges. This means any unauthenticated attacker can register a fully privileged administrative account, bypassing normal access controls.'}] [2]

Useful 0 Not Useful 0

Impact Analysis

This vulnerability allows an unauthenticated attacker to gain full administrative access to the Taskosaur application by registering an account with SUPER_ADMIN privileges. This can lead to complete compromise of the system.

• Unauthorized creation, modification, or deletion of user accounts.
• Access to sensitive data and administrative endpoints.
• Potential full control over the application, including data integrity and availability.

The vulnerability has a CVSS v3.1 base score of 9.8, indicating a critical severity with high impact on confidentiality, integrity, and availability.

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by monitoring registration requests to the Taskosaur application for suspicious role assignments. Specifically, look for registration payloads that include a role parameter with elevated privileges such as "SUPER_ADMIN".'}, {'type': 'paragraph', 'content': 'One way to detect exploitation attempts is to intercept and inspect HTTP requests to the registration endpoint using a proxy tool like Burp Suite or similar.'}, {'type': 'paragraph', 'content': 'You can also search server logs or audit trails for user accounts created with the SUPER_ADMIN role that were registered without proper authorization.'}, {'type': 'list_item', 'content': 'Use a network capture tool (e.g., tcpdump or Wireshark) to capture HTTP POST requests to the registration endpoint and filter for payloads containing the role parameter.'}, {'type': 'list_item', 'content': 'Example command to capture HTTP POST requests on port 80 or 443 (adjust as needed):'}, {'type': 'list_item', 'content': "tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'"}, {'type': 'list_item', 'content': 'Search captured logs or files for the string "role":"SUPER_ADMIN" to identify unauthorized role assignments.'}, {'type': 'list_item', 'content': 'If you have access to the database, query the users table for accounts with the SUPER_ADMIN role created recently or suspiciously.'}] [2]

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include enforcing strict role assignment controls during user registration to prevent clients from specifying roles.

Specifically, the application should be updated to remove the role parameter from the registration data transfer object (DTO) and assign a default role such as MEMBER to all new users.

Implement role-based access control (RBAC) guards to restrict access to sensitive endpoints only to authorized roles like SUPER_ADMIN.

Restrict critical user management endpoints (create, findAll, delete) to SUPER_ADMIN users only, and prevent non-SUPER_ADMIN users from changing roles.

Until a patch is applied, monitor registration requests for suspicious role parameters and consider temporarily disabling public registration if feasible.

Follow the OWASP Mass Assignment Cheat Sheet recommendations to properly restrict role assignments during registration.

Useful 0 Not Useful 0