CVE-2023-0609

Name of the Vulnerable Software and Affected Versions wallabag versions prior to 2.5.3

Description The issue concerns an improper authorization vulnerability in the wallabag GitHub repository. It affects the export feature, which allows users to export entries in various formats, such as PDF, MOBI, or TXT, without proper ownership validation. This is due to a lack of access validation in the downloadEntryAction method. For example, a user can export an entry using the endpoint /export/45.pdf without being the owner of the entry. The vulnerability can lead to insecure direct object reference attacks, allowing logged-in users to export any single entry without validation.

Recommendations For versions prior to 2.5.3, update to version 2.5.3 or higher, especially if you have multiple users or open registration. As a temporary workaround, consider blocking requests to the endpoint /export/* to limit the risk of exploitation. This can be achieved by configuring your web server, for example, with nginx, using the following configuration:

location /export {
  deny all;
}