CVE-2023-43317
Description
An issue in Coign CRM Portal v.06.06 allows a remote attacker to escalate privileges via the userPermissionsList parameter in Session Storage component.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Coign CRM Portal v.06.06 allows remote privilege escalation via the userPermissionsList parameter in Session Storage, enabling an attacker to gain unauthorized admin-level access.
Vulnerability
Coign CRM Portal version 06.06 contains a vulnerability in the Session Storage component where the userPermissionsList parameter can be modified to escalate privileges. The application relies on client-side stored permissions without proper server-side validation, allowing a remote attacker to override their permission set [1].
Exploitation
An attacker with a valid low-privileged account can modify the userPermissionsList in the browser's session storage to include administrative permissions (e.g., permission IDs 1-25). This can be done using browser developer tools or a script. The attacker then refreshes the application to gain elevated access [1].
Impact
Successful exploitation grants the attacker full administrative privileges, allowing access to sensitive data (e.g., user lists, applications, documents), modification of records, and other actions typically restricted to administrators [1].
Mitigation
As of the publication date (2024-01-24), no official fix has been released. Users should monitor for vendor updates and, as a workaround, enforce permission checks on the server side rather than trusting permission data held in the client [1]. If the product is no longer supported, consider migrating to a maintained alternative.
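The weakness described above is a permission set stored in the client and honoured by the server without validation. The following is an added example, not code from the CVE record or from the Coign product, that places that flawed pattern beside the server-side check recommended as a workaround, and adds a tamper-detection helper useful for alerting. The user table, the permission id constant and the request shape are all assumptions constructed for the example.

```python
"""Added example (not from the CVE record or the Coign product).

Contrasts an authorization check that trusts a client-supplied
`userPermissionsList` with one that resolves effective permissions
server-side from the authenticated session, and shows how the gap
between the two can be logged as a tampering signal.
"""
from dataclasses import dataclass, field

# Constructed server-side permission table: user id -> granted permission ids.
# In a real deployment this is the authoritative record in the database;
# the client is never the source of truth for it.
USER_PERMISSIONS = {
    "alice": {1, 2},                   # ordinary, low-privileged user
    "root_admin": set(range(1, 26)),   # hypothetical full administrative set
}

# Hypothetical permission id required to list all users.
PERM_LIST_USERS = 7


@dataclass
class Request:
    """Minimal stand-in for an HTTP request.

    `session_user` is the identity the server established at login;
    `client_fields` is whatever the client chose to send (body, headers,
    values copied from browser storage), i.e. untrusted input.
    """
    session_user: str
    client_fields: dict = field(default_factory=dict)


class AuthorizationError(Exception):
    pass


def list_users_insecure(req: Request) -> list:
    """Flawed pattern (the class of bug in the record): the permission list
    is read from the client and believed as-is."""
    claimed = set(req.client_fields.get("userPermissionsList", []))
    if PERM_LIST_USERS not in claimed:
        raise AuthorizationError("forbidden")
    return sorted(USER_PERMISSIONS)


def list_users_secure(req: Request) -> list:
    """Hardened pattern: any client-supplied permission list is ignored and
    the effective permissions come from the server-side record for the
    authenticated session user."""
    granted = USER_PERMISSIONS.get(req.session_user, set())
    if PERM_LIST_USERS not in granted:
        raise AuthorizationError("forbidden")
    return sorted(USER_PERMISSIONS)


def detect_tampering(req: Request) -> set:
    """Detection aid: returns the permission ids the client claims but the
    server never granted. A non-empty result is worth an audit-log entry
    and an alert, since a legitimate client has no reason to claim more
    than it was issued."""
    claimed = set(req.client_fields.get("userPermissionsList", []))
    granted = USER_PERMISSIONS.get(req.session_user, set())
    return claimed - granted


def check_access(handler, req: Request) -> bool:
    """Run a handler and report whether it granted (True) or denied (False)."""
    try:
        handler(req)
        return True
    except AuthorizationError:
        return False


if __name__ == "__main__":
    # Constructed requests: an honest admin and a low-privileged user whose
    # client presents a permission list it was never issued.
    honest_admin = Request("root_admin")
    tampered = Request("alice", {"userPermissionsList": list(range(1, 26))})
    print("insecure handler, tampered request:", check_access(list_users_insecure, tampered))
    print("secure handler, tampered request:  ", check_access(list_users_secure, tampered))
    print("secure handler, honest admin:      ", check_access(list_users_secure, honest_admin))
    print("unauthorized ids claimed:", sorted(detect_tampering(tampered)))
```

The secure handler never reads `userPermissionsList`; the client may still keep a copy for rendering menus, but it has no bearing on what the server allows. Logging the output of `detect_tampering` on every privileged request gives a cheap signal for attempts of the kind the record describes.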
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Coign/CRM Portal
- Range: =06.06
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
News mentions
No linked articles in our index yet.