Executive Summary

CVE-2026-31151 affects Kaleris YMS version 7.2.2.1, a web application for yard management. The vulnerability is in the login mechanism for the Driver User Role, which has two separate login URLs: one at /general/home and another at /truck (YMS Truck Display URL). Each URL requires separate credentials, but due to improper verification, a driver authenticated on one URL can bypass the login panel on the other URL and access its functionalities without re-entering credentials.

The exploitation involves logging in as a Driver User on the /truck URL, then opening the /general/home URL in a new browser tab within the same session. The driver can then access the dashboard of the second URL without submitting login credentials again, effectively bypassing login verification.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability allows an attacker with valid credentials on one part of the application to bypass login verification on another part, gaining unauthorized access to resources and functionalities they should not have access to.

Such unauthorized access can lead to exposure of sensitive information, manipulation of application data, or misuse of application features, potentially compromising the security and integrity of the yard management system.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by verifying if a valid session cookie from one login URL allows access to the other login URL without re-authentication.

To test this, first log in as a Driver User at the `/truck` URL, then attempt to access `/general/home` in the same browser session without logging in again.

A practical detection method involves capturing HTTP requests and responses using tools like curl or a web proxy to check if the session cookie from `/truck` grants access to `/general/home`.

• Use curl to log in to `/truck` and save the session cookie: curl -c cookies.txt -X POST https://<target>/truck/login -d 'username=driver&password=yourpassword'
• Use curl with the saved cookie to access `/general/home`: curl -b cookies.txt https://<target>/general/home

If the response from `/general/home` indicates access without requiring login, the vulnerability is present.

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include restricting access to the affected URLs and enforcing separate session management for each login URL.

Administrators should ensure that session cookies from one login URL are not valid for the other URL, effectively isolating authentication contexts.

If possible, apply any available patches or updates from the vendor addressing this authentication bypass.

As a temporary measure, consider implementing additional access controls or network segmentation to limit exposure of the affected application.

Useful 0 Not Useful 0

Compliance Impact

The vulnerability in Kaleris YMS v7.2.2.1 allows attackers to bypass login verification and gain unauthorized access to application resources. This unauthorized access could lead to exposure or misuse of sensitive data managed by the application.

Such unauthorized access may impact compliance with common standards and regulations like GDPR and HIPAA, which require strict access controls and protection of personal and sensitive information. Failure to properly authenticate users and prevent unauthorized access could result in violations of these regulations.

Useful 0 Not Useful 0