[et_pb_section fb_built=\"1\" _builder_version=\"4.16\" _module_preset=\"default\" background_color=\"#2E353D\" custom_padding=\"||0px|||\" global_colors_info=\"{}\"][et_pb_row _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"][et_pb_column type=\"4_4\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"][et_pb_text _builder_version=\"4.18.0\" _module_preset=\"cc5ac6f4-ebbd-4b3f-bc92-4dfc1f15fe2c\" global_colors_info=\"{}\"]<\/p>\n
<\/p>\n
<\/p>\n
Advisory ID<\/strong>: usd-2022-0010 Filerun allows users to place comments on their uploaded files. Due to improper access control comments on files can be deleted by any user.<\/p>\n In the following, an exemplary request to delete a comment is given:<\/p>\n <\/p>\n commentId=4&path=%2FROOT%2FHOME%2Fexample.txt&csrf=[REDACTED]<\/p>\n<\/div>\n It is recommended to restrict access to sensitive functions or information by default. Required access privileges should be granted explicitly by a global access control mechanism. Only allow required users to remove comments (e.g. file owner, shared users).<\/p>\n This security vulnerability was found by Christian P\u00f6schl of usd AG.<\/p>\n [\/et_pb_text][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":" usd-2022-0010 | Broken Access Control in Filerun (Update 20220202) Advisory ID: usd-2022-0010Product: FilerunAffected Version: <= Update 20220202Vulnerability Type: https:\/\/cwe.mitre.org\/data\/definitions\/284.htmlSecurity Risk: MediumVendor URL: https:\/\/filerun.comVendor acknowledged vulnerability: YesVendor Status: Fixed Introduction Filerun allows users to place comments on their uploaded files. Due to improper access control comments on files can be deleted by any user. […]<\/p>\n","protected":false},"author":109,"featured_media":0,"parent":16124,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"","_et_gb_content_width":"","inline_featured_image":false,"footnotes":""},"class_list":["post-19010","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages\/19010","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/users\/109"}],"replies":[{"embeddable":true,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/comments?post=19010"}],"version-history":[{"count":0,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages\/19010\/revisions"}],"up":[{"embeddable":true,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages\/16124"}],"wp:attachment":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/media?parent=19010"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
Product<\/strong>: Filerun
Affected Version<\/strong>: <= Update 20220202
Vulnerability Type<\/strong>: https:\/\/cwe.mitre.org\/data\/definitions\/284.html<\/a>
Security Risk<\/strong>: Medium
Vendor URL<\/strong>: https:\/\/filerun.com
<\/a>Vendor acknowledged vulnerability:<\/span><\/strong> Yes
Vendor Status<\/strong>: Fixed<\/p>\nIntroduction<\/h3>\n
Proof of Concept<\/h3>\n
<\/span>POST<\/span> \/?module=comments§ion=ajax&page=remove<\/span> HTTP<\/span>\/<\/span>1.1<\/span>\nHost<\/span>:<\/span> localhost<\/span>\nContent-Type<\/span>:<\/span> application\/x-www-form-urlencoded; charset=UTF-8<\/span>\nContent-Length<\/span>:<\/span> 115<\/span>\nCookie<\/span>:<\/span> FileRunSID=[REDACTED]<\/span>\n[...]<\/span><\/pre>\n
By setting the parameter <\/span>commentId<\/strong> a user can delete any comment, even if it is not owned by the user.<\/span><\/p>\nFix<\/h3>\n
References<\/h3>\n
\n
<\/a><\/li>\nTimeline<\/h3>\n
\n
Credits<\/h3>\n