GHSA-9237-rg5p-rhfw: @saltcorn/data: Tenant user role is used for tenant creation role check
When a tenant admin is logged out of the root domain (e.g., saltcorn.com) but logged in to their own tenant space as admin, they can simply append /tenant/create to their tenant URL. The system reads the role from the tenant context (admin), so the role check for tenant creation passes, and a new tenant is created on the root domain (in PUBLIC SCHEMA > _sc_tenants) rather than in the tenant's own _sc_tenants table.
If the same logic applies to other routes, a tenant admin effectively gains admin rights on the root domain.