Another day, another #cybersecurity #vulnerability #disclosure: Thomson Reuters C-Track #court eFiling.
An insufficient permission check vulnerability in the C-Track eFiling system allowed users to assign themselves privileged roles, such as "Clerk," during the registration process. By manipulating form data, attackers could gain unauthorized access to administrative functionalities and sensitive court data.
https://govtech.cc/README-2024-09-26-thomson-reuters-ctrack.md
(For those counting, this marks the thirteenth vulnerable court platform.)
#infosec
Jason Parker /
npub17c…lxk5s
2024-09-26 14:12:44
Author Public Key
npub17csmz6jrsukee599d54v88l56a79med2zaeyq5psf0hj6jrkmatsnlxk5sPublished at
2024-09-26 14:12:44Event JSON
{
"id": "009e42eb5cf0b83b1cadb60f4fa5f37a7867aa65867ee9e736fc5c0ed12c5cee",
"pubkey": "f621b16a43872d9cd0a56d2ac39ff4d77c5de5aa17724050304bef2d4876df57",
"created_at": 1727359964,
"kind": 1,
"tags": [
[
"t",
"cybersecurity"
],
[
"t",
"vulnerability"
],
[
"t",
"disclosure"
],
[
"t",
"court"
],
[
"t",
"infosec"
],
[
"proxy",
"https://xn--8r9a.com/users/north/statuses/113204262608153017",
"activitypub"
]
],
"content": "Another day, another #cybersecurity #vulnerability #disclosure: Thomson Reuters C-Track #court eFiling.\n\nAn insufficient permission check vulnerability in the C-Track eFiling system allowed users to assign themselves privileged roles, such as \"Clerk,\" during the registration process. By manipulating form data, attackers could gain unauthorized access to administrative functionalities and sensitive court data.\n\nhttps://govtech.cc/README-2024-09-26-thomson-reuters-ctrack.md\n\n(For those counting, this marks the thirteenth vulnerable court platform.)\n\n#infosec",
"sig": "6eaa3e41653a23a3c8b7318fc37c32a3d7b81facdc1e545a9bb3a17678432842ef46308cf072113d928f407e9de41b97caf9e631c6006caa1eb503596e339e62"
}