Breaking Tenant Isolation: Critical Cross-Tenant Data Access in Stripo’s AI Hub Campaign
Researchers found a critical authorization flaw in the email marketing platform Stripo via HackerOne, creating a risk of cross-tenant data exposure affecting thousands of organizations.

2026-2-17 16:59:24 Author: infosecwriteups.com

Krishna Kumar

How a simple authorization flaw in a popular email marketing platform could have exposed sensitive campaign data across thousands of organizations

📋 Quick Facts

  • Target: Stripo Inc (Email Design Platform)
  • Vulnerability: Unauthorized Cross-Tenant Data Access
  • Severity: Critical
  • CWE: CWE-284: Improper Access Control
  • Status: Resolved ✅
  • Platform: HackerOne
  • Bounty: Not Disclosed
  • Feature Affected: AI Hub Campaign

🎖️ Researcher Attribution

This critical vulnerability was discovered and responsibly disclosed by No Code (@srcode) through HackerOne’s bug bounty program. Their diligent research helped protect potentially millions of users across Stripo’s customer base. Full credit goes to the original researcher for identifying this significant security flaw.

📖 The Story: When AI Features Meet Authorization Failures

Stripo has become a household name in the email marketing world. Used by over 1 million users globally, the platform allows…


Source: https://infosecwriteups.com/breaking-tenant-isolation-critical-cross-tenant-data-access-in-stripos-ai-hub-campaign-ef9d69378314?source=rss----7b722bfd1b8d--bug_bounty