PT-2023-23729 · Ombi · Ombi

Kwstubbs · Published 2023-05-18 · Updated 2023-05-26 · CVE-2023-32322

CVSS v3.1: 4.9 (Medium)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Ombi versions prior to 4.38.2

Description: The issue is an arbitrary file read vulnerability where an Ombi administrative user may access files available to the Ombi server process on the host operating system. This vulnerability is present in the ReadLogFile and Download endpoints in SystemControllers.cs, as the parameter logFileName is not sanitized before being combined with the Logs directory. An attacker may be able to escape to folders/files outside of the intended directory by using ".." in the logFileName parameter or by specifying an absolute path. This can lead to information disclosure, potentially allowing an attacker to read files of any Windows user on the host machine and certain system files.

Recommendations: For Ombi versions prior to 4.38.2, upgrade to release version 4.38.2 to address the issue. As a temporary workaround, consider restricting access to the ReadLogFile and Download endpoints until the upgrade is possible. Additionally, avoid running Ombi as a Service with Administrator privileges if not necessary, to minimize the risk of exploitation.
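The following is an added illustration of the pattern the description refers to, written for this advisory and not taken from Ombi's source: an unsanitized name joined onto a logs directory, beside a hardened resolver that accepts only a bare file name and verifies containment. The class, method and directory names are assumptions.

```csharp
using System;
using System.IO;

// Added illustration (not Ombi's code); names are assumptions.
public static class LogFileAccess
{
    // Assumed base directory for log files.
    private static readonly string LogsDirectory =
        Path.GetFullPath(Path.Combine(AppContext.BaseDirectory, "Logs"));

    // Vulnerable pattern: the untrusted name is joined directly onto the
    // logs directory. Path.Combine does not neutralise ".." segments, and
    // when its second argument is rooted it returns that argument unchanged,
    // discarding the base directory entirely.
    public static string ResolveUnsafe(string logFileName)
    {
        return Path.Combine(LogsDirectory, logFileName);
    }

    // Hardened version: refuse anything that is not a plain file name,
    // canonicalise, and confirm the result still lies inside the logs directory.
    public static bool TryResolveSafe(string logFileName, out string fullPath)
    {
        fullPath = string.Empty;
        if (string.IsNullOrWhiteSpace(logFileName)) return false;

        // Directory components, traversal segments and invalid characters are
        // rejected before any file-system access.
        if (logFileName != Path.GetFileName(logFileName) ||
            logFileName.IndexOfAny(Path.GetInvalidFileNameChars()) >= 0 ||
            logFileName == "." || logFileName == "..")
            return false;

        // Defence in depth: containment check on the canonical path.
        string candidate = Path.GetFullPath(Path.Combine(LogsDirectory, logFileName));
        string root = LogsDirectory.TrimEnd(Path.DirectorySeparatorChar)
                      + Path.DirectorySeparatorChar;
        if (!candidate.StartsWith(root, StringComparison.Ordinal)) return false;

        fullPath = candidate;
        return true;
    }

    public static void Main()
    {
        Console.WriteLine(ResolveUnsafe("../appsettings.json"));           // leaves Logs
        Console.WriteLine(TryResolveSafe("../appsettings.json", out _));   // False
        Console.WriteLine(TryResolveSafe("ombi.log", out var p) + " " + p); // True + path
    }
}
```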

Links: Exploit · Fix

Weakness Enumeration: Path traversal

Related Identifiers: CVE-2023-32322, GHSA-28J3-84M7-GPJP

Affected Products: Ombi