Breaking Tenant Isolation: Critical Cross-Tenant Data Access in Stripo’s AI Hub Campaign
The Stripo email design platform has an authorization flaw that could lead to cross-tenant exposure of sensitive data. The flaw was found by a HackerOne researcher and has been fixed.

2026-2-17 16:59:24 Author: infosecwriteups.com

Krishna Kumar

How a simple authorization flaw in a popular email marketing platform could have exposed sensitive campaign data across thousands of organizations

📋 Quick Facts

  • Target: Stripo Inc (Email Design Platform)
  • Vulnerability: Unauthorized Cross-Tenant Data Access
  • Severity: Critical
  • CWE: CWE-284: Improper Access Control
  • Status: Resolved ✅
  • Platform: HackerOne
  • Bounty: Not Disclosed
  • Feature Affected: AI Hub Campaign

🎖️ Researcher Attribution

This critical vulnerability was discovered and responsibly disclosed by No Code (@srcode) through HackerOne’s bug bounty program. Their diligent research helped protect potentially millions of users across Stripo’s customer base. Full credit goes to the original researcher for identifying this significant security flaw.

📖 The Story: When AI Features Meet Authorization Failures

Stripo has become a household name in the email marketing world. Used by over 1 million users globally, the platform allows…


Source: https://infosecwriteups.com/breaking-tenant-isolation-critical-cross-tenant-data-access-in-stripos-ai-hub-campaign-ef9d69378314?source=rss----7b722bfd1b8d---4