Impact
The endpoint /public/modify-subscription accepts a signed token but does not verify the token’s intended purpose. As a result, an unauthenticated requester can trigger subscription‑enforcement side effects on the organization referenced in the token’s claims. These side effects include disabling integrations that exceed the asserted plan’s limits, resetting the scheduled‑post cron for the free tier, and adjusting team‑member enablement state, but it cannot alter the persisted subscription tier.
Affected Systems
GitroomHQ’s Postiz application is affected; all releases older than version 2.21.8 are vulnerable. The issue was resolved in v2.21.8.
Risk and Exploitability
This is a moderate‑severity flaw with a CVSS score of 4.8 and an EPSS score of less than 1 %. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is an unauthenticated HTTP(S) request to the public /public/modify-subscription endpoint with a crafted signed token. The impact is confined to the attacker’s own organization, so there is no tenant‑to‑tenant escalation, but the side‑effects can disrupt business operations and compliance.
OpenCVE Enrichment