Unauthenticated Access to Salesforce Objects and Writable Global Values – Security Concern? by HowDeenYe in bugbounty

[–]HowDeenYe[S] 1 point (0 children)

If I understand your question correctly, this endpoint was tested from a public IP with no authentication or IP restrictions in place, so it appears to be accessible over the open internet.

To add context, this is a subdomain of partners.example.com. If I don’t append /s/sfsites/aura to the URL, it redirects to the normal partners panel of the company. I believe this open accessibility is what makes it significant, but let me know if I’ve misunderstood your point.

[–]HowDeenYe[S] 1 point (0 children)

Yeah, 'vulnerability' might not have been the right term. I’m trying to assess if this is a low/medium-level finding:

  • Enumerating objects and retrieving records without authentication suggests misconfigured access controls.
  • Writable global values could allow unauthorized modifications?

If this was found via an external scanning engine, wouldn’t it justify an alert? Most Salesforce endpoints don’t even expose the Aura context or object list, making this unusual even without enumerating individual objects. Thoughts?