Users can add themselves to any organization in CloudExplorer Lite
Description
CloudExplorer Lite is an open source cloud management tool. In affected versions users can add themselves to any organization in CloudExplorer Lite. This is due to a missing permission check on the user profile. It is recommended to upgrade the version to v1.1.0. There are no known workarounds for this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
CloudExplorer Lite <=1.0.2 allows any user to add themselves to arbitrary organizations due to missing server-side permission checks on profile updates.
Vulnerability
CloudExplorer Lite, an open source cloud management tool, contains a missing permission check in the user profile functionality. The server does not validate whether the requesting user is allowed to select or change their organization membership. Affected versions: <= 1.0.2 [1].
Exploitation
An attacker with a valid user account can modify their own profile. The interface shows only the user's current organization, but if the request is intercepted (e.g., with Burp Suite) and the organization ID is replaced with that of a target organization not assigned to the user, the server executes the request without verifying that the user is authorized for the new organization [1]. The attacker needs network access to intercept and modify API requests.
Impact
Successful exploitation allows a user to add themselves to any organization in the system, gaining membership and potentially inheriting roles and permissions associated with that organization, leading to unauthorized access to resources and data that should be restricted.
Mitigation
The vulnerability is fixed in version v1.1.0 [1]. Users should upgrade to v1.1.0 or later. No other workarounds are available.
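The missing check described above, modeled next to a corrected handler. This is an added illustration, not CloudExplorer Lite's code or its v1.1.0 fix. The handler names, the `org_ids` and `display_name` fields, the audit event name and the "keep or drop, never add" policy are all assumptions.

```python
from dataclasses import dataclass, field

class Forbidden(Exception):
    """Profile update named an organization the caller does not belong to."""

@dataclass
class User:
    user_id: str
    display_name: str
    org_ids: set = field(default_factory=set)  # memberships held server-side

def update_profile_vulnerable(users, session_user_id, body):
    # Models the flaw: organization IDs in the request body are trusted as-is.
    user = users[session_user_id]
    user.display_name = body.get("display_name", user.display_name)
    if "org_ids" in body:
        user.org_ids = set(body["org_ids"])
    return user

def update_profile_hardened(users, session_user_id, body, audit_log):
    # Assumed policy: a self-service update may keep or drop memberships,
    # never add one. The check uses server-side state, not what the UI showed.
    user = users[session_user_id]
    requested = set(body.get("org_ids", user.org_ids))
    unauthorized = sorted(requested - user.org_ids)
    if unauthorized:
        # Record the denial so tampered requests are visible to detection.
        audit_log.append({"event": "profile_org_denied",
                          "user": session_user_id, "orgs": unauthorized})
        raise Forbidden(f"not a member of: {unauthorized}")
    # Mutate only after the whole request has passed authorization.
    user.display_name = body.get("display_name", user.display_name)
    user.org_ids = requested
    return user

def demo():
    # Constructed sample data: alice belongs to org-a only; the body adds org-b.
    tampered = {"display_name": "Alice", "org_ids": ["org-a", "org-b"]}
    users = {"alice": User("alice", "alice", {"org-a"})}
    before_fix = sorted(update_profile_vulnerable(users, "alice", tampered).org_ids)
    users = {"alice": User("alice", "alice", {"org-a"})}
    audit_log = []
    try:
        update_profile_hardened(users, "alice", tampered, audit_log)
        denied = False
    except Forbidden:
        denied = True
    return before_fix, denied, users["alice"], audit_log
```

The hardened handler rejects the whole request before changing any field, so a denied update leaves no partial profile change behind.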
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- CloudExplorer-Dev/CloudExplorer-Lite | v5 | Range: < 1.1.0
Patches
No patches discovered yet.
References
[1] github.com/CloudExplorer-Dev/CloudExplorer-Lite/security/advisories/GHSA-cp3j-437h-4vwj (mitre, x_refsource_CONFIRM)