On a multi-tenant Stigmem node, the Right‑To‑Be‑Forgotten (RTBF) tombstone mechanism suffers from two critical scoping flaws that break tenant isolation.
Flaw 1 – Tombstone Write Mis‑scoping:
The `issue_tombstone` function defaults the `tenant` field to `"default"` instead of using the caller's actual tenant identifier. As a result, when a tenant‑A user issues a deletion request, the tombstone record may be written into tenant‑B's namespace. This effectively allows one tenant to plant tombstones that belong to another tenant, corrupting the deletion audit trail and violating the fundamental premise of multi‑tenant data segregation.
Flaw 2 – Tenant‑Blind Tombstone Read Suppression:
The read‑suppression path — comprising `_get_tombstone_filter` (in `routes/facts/common.py`) and the `_tombstone_scope_cache` (in `lifecycle/tombstones.py`) — lacks any `tenant_id` predicate. When a fact query or provenance read is executed, the system applies tombstone suppression across all tenants indiscriminately. This means:
– A tombstone created for tenant‑B can suppress facts belonging to tenant‑A (and vice versa).
– Conversely, a tombstone may fail to suppress facts when it should, because the suppression logic does not consider the tenant of the requesting user.
Both issues are reachable via the `/v1/tombstones` endpoint and through the fact query and provenance read paths. The combination of these flaws completely undermines the cross‑tenant integrity of the RTBF mechanism: one tenant’s deletion can be recorded against the wrong tenant, and tombstone suppression can hide — or fail to hide — facts across tenant boundaries, breaking both data‑view correctness and the legal guarantees of RTBF.
Affected Deployments:
This vulnerability is exploitable only on nodes that have opted into the `stigmem-plugin-multi-tenant` plugin (i.e., multiple tenants on a single node). A default single‑tenant installation has only the `"default"` tenant and no second tenant to cross, so it is not affected. For multi‑tenant deployments, however, the severity is HIGH.
Patched Version:
The fix is included in 0.9.0a12 (PR 728). The patch:
– Passes `identity.tenant_id` from `issue_tombstone` into `create_tombstone`, eliminating the `"default"` fallback.
– Adds `tenant_id = ?` to `_get_tombstone_filter` and `get_tombstone_status`.
– Re‑keys the suppression cache to include the tenant.
– Threads the caller’s tenant through all four read call sites.
After the patch, a tenant‑B tombstone suppresses only tenant‑B facts and is completely invisible to tenant‑A reads.
Workarounds:
None, other than upgrading to 0.9.0a12. Single‑tenant deployments are unaffected and require no action.
DailyCVE Form
| Field | Value |
|-|-|
| Platform | Stigmem multi-tenant node |
| Version | < 0.9.0a12 |
| Vulnerability | Cross‑tenant RTBF tombstone mis‑scoping |
| Severity | High |
| Date | 2026‑05‑19 |
| Prediction | Already patched in 0.9.0a12 |
What Undercode Says (Analytics)
Vulnerable Code Snippet (before fix) – `issue_tombstone`:
```python
def issue_tombstone(caller, entity_uri):
    # BUG: tenant hardcoded to "default"; the caller's tenant is ignored
    return create_tombstone(tenant="default", entity_uri=entity_uri)
```
Vulnerable Code Snippet (before fix) – `_get_tombstone_filter`:
```python
def _get_tombstone_filter():
    # BUG: no tenant_id predicate, so tombstones match across every tenant
    return "SELECT ... FROM tombstones WHERE entity_uri = ?"
```
Fixed Code (PR 728) – `issue_tombstone`:
```python
def issue_tombstone(caller, entity_uri):
    # FIX: use the caller's actual tenant
    return create_tombstone(tenant=caller.tenant_id, entity_uri=entity_uri)
```
Fixed Code (PR 728) – `_get_tombstone_filter`:
```python
def _get_tombstone_filter(tenant_id):
    # FIX: tenant_id predicate added; the caller binds tenant_id before entity_uri
    return "SELECT ... FROM tombstones WHERE tenant_id = ? AND entity_uri = ?"
```
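To make the two flaws concrete, here is an added, self‑contained model (not Stigmem's code and not from PR 728): a `TombstoneStore` whose `tenant_scoped` flag switches between the pre‑patch and post‑patch behaviour of `issue_tombstone`, `_get_tombstone_filter` and the suppression cache, so you can see a tenant‑B tombstone leaking into tenant‑A reads and then stop doing so. The SQLite table layout, the `caller` dict shape and the entity URI are assumptions made for the illustration.

```python
import sqlite3


class TombstoneStore:
    """Stand-in for the tombstones table plus the read-suppression scope cache.

    tenant_scoped=False models the vulnerable node (< 0.9.0a12);
    tenant_scoped=True models the fix (tenant threaded through write, filter and cache).
    """

    def __init__(self, tenant_scoped):
        self.tenant_scoped = tenant_scoped
        self.db = sqlite3.connect(":memory:")  # assumed schema, not Stigmem's real one
        self.db.execute("CREATE TABLE tombstones (tenant_id TEXT, entity_uri TEXT)")
        self._tombstone_scope_cache = {}

    def create_tombstone(self, tenant, entity_uri):
        self.db.execute("INSERT INTO tombstones VALUES (?, ?)", (tenant, entity_uri))

    def issue_tombstone(self, caller, entity_uri):
        # Flaw 1: the vulnerable path drops the caller's tenant and writes "default"
        tenant = caller["tenant_id"] if self.tenant_scoped else "default"
        self.create_tombstone(tenant, entity_uri)

    def _get_tombstone_filter(self):
        # Flaw 2: without the tenant_id predicate every tenant's tombstones match
        if self.tenant_scoped:
            return "SELECT 1 FROM tombstones WHERE tenant_id = ? AND entity_uri = ?"
        return "SELECT 1 FROM tombstones WHERE entity_uri = ?"

    def is_suppressed(self, tenant_id, entity_uri):
        # The cache key mirrors the filter: tenant-blind before, tenant-keyed after
        key = (tenant_id, entity_uri) if self.tenant_scoped else (entity_uri,)
        if key not in self._tombstone_scope_cache:
            row = self.db.execute(self._get_tombstone_filter(), key).fetchone()
            self._tombstone_scope_cache[key] = row is not None
        return self._tombstone_scope_cache[key]


def cross_tenant_check(tenant_scoped):
    """Constructed scenario: tenant-B forgets an entity; whose reads are affected?"""
    store = TombstoneStore(tenant_scoped)
    uri = "urn:fact:customer/42"  # constructed entity URI shared by both tenants
    store.issue_tombstone({"tenant_id": "tenant-B"}, uri)
    return {
        "tenant-A": store.is_suppressed("tenant-A", uri),
        "tenant-B": store.is_suppressed("tenant-B", uri),
    }
```

On the vulnerable store both tenants see the entity suppressed, although only tenant‑B asked for deletion; on the scoped store tenant‑A's view is untouched and tenant‑B's fact is hidden as intended.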
Bash Command to Check Your Version:
```bash
# Check installed stigmem-node version
pip show stigmem-node | grep Version
```
If the version is < 0.9.0a12 and the multi‑tenant plugin is enabled, you are vulnerable.
Bash Command to Verify Multi‑Tenant Plugin Status:
```bash
# List enabled plugins
stigmemctl plugins list | grep multi-tenant
```
Exploit
An attacker with access to tenant‑A can:
- Call `/v1/tombstones` with an `entity_uri` that belongs to tenant‑B.
- Because `issue_tombstone` defaults the tenant to `"default"`, the tombstone is written into tenant‑B's namespace (or into the `"default"` namespace, depending on the configuration).
- Later, when tenant‑B queries its facts, the read‑suppression path (which lacks a `tenant_id` filter) may:
– Suppress tenant‑B's facts based on a tombstone that was incorrectly planted by tenant‑A.
– Fail to suppress tenant‑B's facts when a legitimate tombstone exists, because the suppression cache is keyed without tenant context.
The attacker can thus:
- Hide facts belonging to another tenant, causing data loss or denial of service.
- Prevent the rightful deletion of their own data, breaking RTBF compliance.
- Corrupt the audit trail by creating tombstones that are attributed to the wrong tenant.
Protection
- Upgrade immediately to stigmem‑node 0.9.0a12 or later.
- If you are running a single‑tenant deployment, you are not affected and no action is required.
- For multi‑tenant deployments, ensure that the `stigmem‑plugin‑multi‑tenant` plugin is enabled only after upgrading to the patched version.
- As a general best practice, regularly audit your plugin list and version to catch future vulnerabilities early.
Impact
- Cross‑tenant data leakage: One tenant can read or suppress facts belonging to another tenant, violating data isolation.
- RTBF integrity failure: Deletion requests may be recorded against the wrong tenant, and tombstones may fail to suppress facts when they should — or suppress them when they shouldn’t.
- Audit corruption: The tombstone audit trail becomes unreliable, making it impossible to verify that a tenant’s data has been properly forgotten.
- Legal & compliance risk: For deployments subject to GDPR or similar regulations, this flaw directly undermines the “right to be forgotten” guarantee.
Sources:
Reported By: github.com