Understanding and Preventing Cross-Workspace Object Access in PraisonAI Platform
The PraisonAI Platform has a systemic object-level authorization flaw that allows an authenticated user from one workspace to access, modify, and delete objects belonging to another workspace. The cause is that workspace-scoped REST routes do not properly verify object ownership.
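The missing ownership check, shown as an added example beside its corrected form. This is not PraisonAI's code: the in-memory store, the `Item` type, the handler names and the sample users are all hypothetical, and it assumes the route already checks that the caller is a member of the workspace named in the URL.

```python
from dataclasses import dataclass

class NotFound(Exception): pass
class Forbidden(Exception): pass

@dataclass
class Item:                     # hypothetical workspace-owned object
    id: str
    workspace_id: str
    title: str

# Constructed sample data: each user belongs to exactly one workspace.
MEMBERSHIPS = {"alice": {"ws-a"}, "bob": {"ws-b"}}

def make_store():
    return {"obj-1": Item("obj-1", "ws-a", "alice's item"),
            "obj-2": Item("obj-2", "ws-b", "bob's item")}

def require_member(user, workspace_id):
    if workspace_id not in MEMBERSHIPS.get(user, set()):
        raise Forbidden(workspace_id)

def delete_unscoped(store, user, workspace_id, object_id):
    """Flawed pattern: the caller's membership in the route's workspace is
    checked, but the object is then looked up by ID alone."""
    require_member(user, workspace_id)
    if object_id not in store:
        raise NotFound(object_id)
    return store.pop(object_id)

def delete_scoped(store, user, workspace_id, object_id):
    """Corrected pattern: the object must belong to the route's workspace.
    Missing and foreign objects raise the same error, so the response does
    not reveal whether an ID exists in another workspace."""
    require_member(user, workspace_id)
    obj = store.get(object_id)
    if obj is None or obj.workspace_id != workspace_id:
        raise NotFound(object_id)
    return store.pop(object_id)

def cross_workspace_delete_blocked(handler):
    """Regression check: a member of ws-b, using a ws-b route, names an
    object owned by ws-a. Returns True if the object survives."""
    store = make_store()
    try:
        handler(store, "bob", "ws-b", "obj-1")
    except NotFound:
        pass
    return "obj-1" in store
```

The same regression check applies to read and update handlers, since every route that accepts an object ID needs the ownership comparison.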