CVE-2026-27608: CWE-862: Missing Authorization in parse-community parse-dashboard
Parse Dashboard is a standalone dashboard for managing Parse Server apps. In versions 7.3.0-alpha.42 through 9.0.0-alpha.7, the AI Agent API endpoint (`POST /apps/:appId/agent`) does not enforce authorization. Authenticated users scoped to specific apps can access any other app's agent endpoint by changing the app ID in the URL. Read-only users are given the full master key instead of the read-only master key and can supply write permissions in the request body to perform write and delete operations. Only dashboards with `agent` configuration enabled are affected. The fix in version 9.0.0-alpha.8 adds per-app authorization checks and restricts read-only users to the `readOnlyMasterKey` with write permissions stripped server-side. As a workaround, remove the `agent` configuration block from your dashboard configuration. Dashboards without an `agent` config are not affected.
AI Analysis (machine-generated threat intelligence)
Technical Summary
Parse Dashboard is a management interface for Parse Server applications. In affected versions (7.3.0-alpha.42 to 9.0.0-alpha.7), the AI Agent API endpoint (`POST /apps/:appId/agent`) suffers from a missing authorization check (CWE-862). Authenticated users with access scoped to specific apps can bypass intended access controls by modifying the appId parameter in the URL to interact with other apps' agent endpoints. This leads to unauthorized access across app boundaries. Furthermore, users with read-only roles are erroneously provided the full master key instead of a restricted read-only master key. This misconfiguration allows them to escalate privileges by supplying write permissions in the request body, enabling unauthorized write and delete operations on other apps. The vulnerability only affects dashboards configured with the `agent` feature enabled; dashboards without this configuration are not vulnerable. The issue was resolved in version 9.0.0-alpha.8 by implementing per-app authorization enforcement and stripping write permissions from read-only users server-side. No known exploits have been reported in the wild yet. The vulnerability has a CVSS 4.0 score of 9.3, indicating critical severity due to network attack vector, low complexity, no required user interaction, and high impact on confidentiality, integrity, and availability.
Potential Impact
This vulnerability poses a severe risk to organizations using parse-dashboard with the `agent` configuration enabled. Attackers with authenticated access scoped to any app can pivot to other apps, potentially compromising sensitive data, modifying or deleting critical application data, and disrupting service availability. The unauthorized privilege escalation from read-only to full master key access exacerbates the threat, enabling attackers to perform destructive operations without proper authorization. This can lead to data breaches, loss of data integrity, service downtime, and erosion of trust in affected applications. Organizations relying on parse-dashboard for multi-tenant or multi-app environments are particularly at risk, as the flaw breaks isolation between apps. The lack of user interaction and low complexity of exploitation increase the likelihood of successful attacks once an attacker gains authenticated access. The absence of known exploits in the wild suggests the vulnerability is newly disclosed, but the critical nature demands immediate attention to prevent potential exploitation.
Mitigation Recommendations
Organizations should immediately upgrade parse-dashboard to version 9.0.0-alpha.8 or later, which includes the necessary authorization fixes. If upgrading is not immediately feasible, administrators should remove the `agent` configuration block from their dashboard configuration to disable the vulnerable endpoint. Additionally, review and tighten access controls to ensure users have the minimum necessary privileges and monitor logs for unusual API access patterns, especially cross-app requests to the agent endpoint. Implement network-level restrictions to limit dashboard access to trusted IP addresses and enforce strong authentication mechanisms to reduce the risk of unauthorized authenticated access. Regularly audit dashboard configurations and user roles to detect and remediate privilege misconfigurations. Finally, maintain an incident response plan to quickly address any signs of exploitation related to this vulnerability.
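The two defects the advisory describes (no per-app check on the `:appId` URL parameter, and read-only users receiving the full master key with body-supplied permissions honoured) and the log-monitoring recommendation above can be made concrete with a small model. The following is an added example written for this page, not parse-dashboard's own code: the config shapes, user records, the `resolveAgentContext*` functions and the log format are all constructed assumptions, chosen to mirror the master-key / read-only-master-key split that the advisory refers to. It shows the vulnerable resolution pattern beside the hardened one that the fix in 9.0.0-alpha.8 is described as adding, then runs a cross-app detection check over constructed access-log lines.

```javascript
// Added example (not parse-dashboard's code): a model of the per-app
// authorization check and read-only handling the advisory describes as the
// fix, plus a log check for cross-app agent requests. Config shapes, user
// records and the log format are constructed for this example.

// Constructed dashboard config: each app carries a full master key and a
// read-only master key (the two keys the advisory distinguishes).
const APPS = [
  { appId: 'app-alpha', masterKey: 'ALPHA_MASTER', readOnlyMasterKey: 'ALPHA_READONLY' },
  { appId: 'app-beta', masterKey: 'BETA_MASTER', readOnlyMasterKey: 'BETA_READONLY' },
];

// Constructed users: `apps` is the user's app scope, `readOnly` marks a
// read-only role. Field names are assumptions, not parse-dashboard's schema.
const USERS = {
  alice: { apps: ['app-alpha'], readOnly: false },
  bob: { apps: ['app-alpha'], readOnly: true },
  carol: { apps: ['app-alpha', 'app-beta'], readOnly: false },
};

// Permissions that a read-only role must never be allowed to assert.
const WRITE_PERMISSIONS = new Set(['write', 'delete']);

// Vulnerable pattern (CWE-862): the app is selected purely from the URL
// parameter, the full master key is always used, and permissions are taken
// verbatim from the request body. Authentication alone is checked.
function resolveAgentContextVulnerable(username, appIdFromUrl, body) {
  if (!USERS[username]) return { status: 401 };
  const app = APPS.find((a) => a.appId === appIdFromUrl);
  if (!app) return { status: 404 };
  return { status: 200, masterKey: app.masterKey, permissions: body.permissions || [] };
}

// Hardened pattern, following the advisory's description of the fix.
function resolveAgentContext(username, appIdFromUrl, body) {
  const user = USERS[username];
  if (!user) return { status: 401 };
  // 1. Per-app authorization: the app named in the URL must be in this
  //    user's scope, regardless of whether the app exists.
  if (!user.apps.includes(appIdFromUrl)) return { status: 403 };
  const app = APPS.find((a) => a.appId === appIdFromUrl);
  if (!app) return { status: 404 };
  const requested = Array.isArray(body.permissions) ? body.permissions : [];
  if (user.readOnly) {
    // 2. Read-only users receive readOnlyMasterKey, never the full key.
    // 3. Write/delete permissions are stripped server-side, so nothing the
    //    client puts in the body can widen the role.
    return {
      status: 200,
      masterKey: app.readOnlyMasterKey,
      permissions: requested.filter((p) => !WRITE_PERMISSIONS.has(p)),
    };
  }
  return { status: 200, masterKey: app.masterKey, permissions: requested };
}

// Detection: flag agent requests whose URL app lies outside the user's scope.
// Constructed log line format: "<timestamp> user=<name> POST <path> <status>".
const AGENT_PATH = /^\/apps\/([^/]+)\/agent$/;
function flagCrossAppAgentRequests(logText) {
  const flagged = [];
  for (const line of logText.split('\n')) {
    const m = line.match(/^(\S+) user=(\S+) POST (\S+) (\d{3})$/);
    if (!m) continue;
    const [, ts, username, path, status] = m;
    const pm = path.match(AGENT_PATH);
    if (!pm) continue; // only the agent endpoint is of interest here
    const appId = pm[1];
    const user = USERS[username];
    if (!user || !user.apps.includes(appId)) {
      flagged.push({ ts, username, appId, status: Number(status) });
    }
  }
  return flagged;
}

// Constructed sample log: bob is scoped to app-alpha only, so his request to
// app-beta's agent endpoint is the cross-app access the advisory warns about.
const SAMPLE_LOG = [
  '2026-03-01T10:00:00Z user=alice POST /apps/app-alpha/agent 200',
  '2026-03-01T10:00:05Z user=bob POST /apps/app-beta/agent 200',
  '2026-03-01T10:00:09Z user=carol POST /apps/app-beta/agent 200',
  '2026-03-01T10:00:12Z user=alice POST /apps/app-alpha/classes 200',
].join('\n');

console.log(resolveAgentContext('bob', 'app-alpha', { permissions: ['read', 'write'] }));
console.log(flagCrossAppAgentRequests(SAMPLE_LOG));
```

On an unpatched dashboard the detection function is the useful part: a 200 response for a user/app pair outside that user's scope is the signal to look for, while after upgrading the same request resolves to 403 before any key is selected.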
Affected Countries
United States, Germany, United Kingdom, Canada, Australia, France, Netherlands, India, Japan, South Korea
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-02-20T19:43:14.602Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 699e6864b7ef31ef0bae9d05
Added to database: 2/25/2026, 3:11:32 AM
Last enriched: 3/4/2026, 10:17:56 PM
Last updated: 4/12/2026, 6:37:19 AM