Function level access control vulnerabilities could result from insufficient protection of sensitive request handlers within an application. An application may simply hide access to sensitive actions, fail to enforce sufficient authorization for certain actions, or inadvertently expose an action through a user-controlled request parameter. These vulnerabilities could be much more complex and be the result of subtle edge-cases in the underlying application logic.
On GitHub.com we utilize a number of approaches to protect against function level access control vulnerabilities. These include things such as controller level access control checks using Rails’ filter chain as well as per-action access control checks where appropriate.
More about function level access vulnerabilities from OWASP’s Top 10:
Applications do not always protect application functions properly. Sometimes, function level protection is managed via configuration, and the system is misconfigured. Sometimes, developers must include the proper code checks, and they forget.
|1||1000 pts Antonio Sanso Creating verified commits for arbitrary emails using web commits|
|2||5000 pts Kamil Hismatullin Bypass OAuth access policy on GraphQL API|
|3||2000 pts Dylan Katz XSS on render.githubusercontent.com through filename in ipynb|
|4||1000 pts Kamil Hismatullin Insufficient authorization check when previewing non-code files|
|5||2000 pts Teddy Katz Insufficient token scope checks for Gist access via Git|