Description
Mythic before 3.4.0.60 contains an authorization bypass vulnerability in four REST endpoints (c2profile_config_check_webhook, c2profile_redirect_rules_webhook, c2profile_get_ioc_webhook, c2profile_sample_message_webhook) that fail to verify payload ownership. An operator in one operation can invoke these endpoints with a known payload UUID from another operation to access that operation's C2 profile configuration including encryption keys and callback parameters.
Problem types
Product status
Any version before 3.4.0.60
Credits
George Chen
References
github.com/its-a-feature/Mythic/releases/tag/v3.4.0.60 (Release Notes)
github.com/its-a-feature/Mythic/issues/564 (Researcher Disclosure)
github.com/...ommit/82648e8241b800a32e1882afc310e7316d98ebaa (Patch Commit)
www.vulncheck.com/...tion-access-via-unverified-payload-uuid