PT-2024-32829 · Saltcorn · Saltcorn

Dellalibera

Published

2024-10-07

Updated

2024-10-10

CVE-2024-47818

CVSS v4.0

7.1

High

Vector

AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions Saltcorn versions prior to 1.0.0-beta16

Description A logged-in user with any role can delete arbitrary files on the filesystem by calling the /sync/clean sync dir endpoint. The dir name POST parameter is not validated/sanitized and is used to construct the syncDir that is deleted by calling fs.rm. This issue allows for arbitrary file deletion.

Recommendations For versions prior to 1.0.0-beta16, upgrade to release version 1.0.0-beta16 or later to address the issue. As a temporary workaround, consider implementing input validation for the dir name parameter to ensure it does not contain malicious paths. Restrict access to the /sync/clean sync dir endpoint to minimize the risk of exploitation.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2024-47818

GHSA-43F3-H63W-P6F6

Affected Products

Saltcorn

PT-2024-32829 · Saltcorn · Saltcorn

CVE-2024-47818

Weakness Enumeration

Related Identifiers

Affected Products

References · 11