Impact
Capgo before version 12.128.2 contains a NULL‑auth bypass vulnerability in the public.get_org_user_access_rbac function that permits unauthenticated attackers to retrieve RBAC role bindings and member email addresses. The flaw arises from an improper NULL comparison in the authorization gate, allowing attackers to read sensitive membership and role information through the PostgREST RPC endpoint. This weakness is classified as CWE‑287, a broken authentication and authorization scenario leading to information disclosure.
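The following is an added illustration of the bug class named above (an authorization gate that compares against a NULL caller identity); it is constructed for this page and is not Capgo's `public.get_org_user_access_rbac` or any other Capgo code. The table, function and role names (`example_org_members`, `example_org_access_weak`, `example_org_access_hardened`, `anon`, `authenticated`) are assumptions for the example, as is the choice of reading the caller from the `request.jwt.claims` setting that PostgREST publishes for each request.

```sql
-- Constructed example, not Capgo's code. Shows why a membership check written
-- with plain comparisons lets an unauthenticated caller through, and a hardened
-- form that does not. All object and role names are assumptions.

CREATE TABLE IF NOT EXISTS example_org_members (
  org_id  uuid NOT NULL,
  user_id uuid NOT NULL,
  email   text NOT NULL,
  role    text NOT NULL,
  PRIMARY KEY (org_id, user_id)
);

-- PostgREST exposes the verified JWT claims of the current request in the
-- request.jwt.claims setting. With missing_ok = true, current_setting() returns
-- NULL when no user JWT was presented (e.g. a call made with only the public
-- API key), so the caller id is NULL rather than an error.
CREATE OR REPLACE FUNCTION example_caller_id() RETURNS uuid
LANGUAGE sql STABLE AS $$
  SELECT (NULLIF(current_setting('request.jwt.claims', true), '')::json ->> 'sub')::uuid;
$$;

-- WEAK GATE. Reads as "deny unless the caller is a member", but SQL's
-- three-valued logic breaks it: with caller = NULL, (NULL = ANY (...)) is NULL,
-- NOT NULL is still NULL, and plpgsql treats a NULL IF condition as false.
-- The RAISE is skipped and the SELECT returns every member's email and role.
CREATE OR REPLACE FUNCTION example_org_access_weak(p_org_id uuid)
RETURNS TABLE (user_id uuid, email text, role text)
LANGUAGE plpgsql SECURITY DEFINER AS $$
DECLARE
  caller uuid := example_caller_id();
BEGIN
  IF NOT (caller = ANY (SELECT m.user_id FROM example_org_members m
                        WHERE m.org_id = p_org_id)) THEN
    RAISE EXCEPTION 'forbidden' USING ERRCODE = '42501';
  END IF;
  RETURN QUERY
    SELECT m.user_id, m.email, m.role
    FROM example_org_members m
    WHERE m.org_id = p_org_id;
END;
$$;

-- HARDENED GATE. Reject a NULL caller explicitly, then test membership with
-- EXISTS, which can only be TRUE or FALSE. Writing the original condition as
-- "IF (caller = ANY (...)) IS NOT TRUE THEN" would also close the NULL path.
CREATE OR REPLACE FUNCTION example_org_access_hardened(p_org_id uuid)
RETURNS TABLE (user_id uuid, email text, role text)
LANGUAGE plpgsql SECURITY DEFINER AS $$
DECLARE
  caller uuid := example_caller_id();
BEGIN
  IF caller IS NULL THEN
    RAISE EXCEPTION 'authentication required' USING ERRCODE = '28000';
  END IF;
  IF NOT EXISTS (SELECT 1 FROM example_org_members m
                 WHERE m.org_id = p_org_id AND m.user_id = caller) THEN
    RAISE EXCEPTION 'forbidden' USING ERRCODE = '42501';
  END IF;
  RETURN QUERY
    SELECT m.user_id, m.email, m.role
    FROM example_org_members m
    WHERE m.org_id = p_org_id;
END;
$$;

-- Defence in depth: PostgREST only lets a database role call a function that
-- role holds EXECUTE on. Removing the anonymous role (assumed to be named
-- "anon") takes the unauthenticated RPC path away regardless of the gate.
REVOKE EXECUTE ON FUNCTION example_org_access_hardened(uuid) FROM PUBLIC, anon;
GRANT  EXECUTE ON FUNCTION example_org_access_hardened(uuid) TO authenticated;

-- The trap reproduced without any tables: the whole weak-gate condition for a
-- NULL caller collapses to NULL rather than TRUE or FALSE.
SELECT (NOT (NULL::uuid = ANY (ARRAY[gen_random_uuid()]))) IS NULL AS gate_is_null;
```

The closing SELECT is the one-line check to run when reviewing a gate of this shape: if the deny condition can evaluate to NULL for an unauthenticated caller, the function falls through to its data-returning path. When auditing a PostgREST-exposed schema, it is worth listing every `SECURITY DEFINER` function the anonymous role can execute and confirming that each one either rejects a NULL caller identity outright or has had EXECUTE revoked from that role.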
Affected Systems
All Capgo deployments running a version earlier than 12.128.2 are affected. No other vendors or products are listed. Anyone using the Capgo platform with a default or public API key configuration may be vulnerable.
Risk and Exploitability
The CVSS score of 8.7 indicates a high severity impact. While the EPSS score is not available, the vulnerability can be exploited remotely with only a public API key, representing a low barrier to entry for attackers. The vulnerability is not listed in the CISA KEV catalog, but its ease of exploitation and the sensitivity of disclosed data make it a high‑risk issue. The likelihood of exploitation is significant for any publicly exposed Capgo instance that does not enforce stricter authentication for the RPC endpoint.
OpenCVE Enrichment