
File upload interface does not verify permissions, resulting in an XSS vulnerability

High
fit2cloudrd published GHSA-625h-q3g9-rffc Mar 24, 2023

Package

io.dataease (Maven)

Affected versions

<= 1.18.4

Patched versions

1.18.5

Description

Impact

The file upload interface does not check permissions, so users who are not logged in can upload files directly to the backend. The file type is not checked either, so they can upload files of any type.

Vulnerable interface: static/resource/upload/.

  1. Upload an HTML file to the static/resource/upload/ interface. The JavaScript in the HTML file is used to pop up the cookie. After the cookie is deleted, the upload still succeeds.

  2. The uploaded file is named b1ace870-c3d6-11ed-9218-a9fe7c2f5491; the file name just must not repeat an existing one.

  3. The files are uploaded and stored in the static-resource directory. Visit http://192.168.253.1:8091/static-resource/b1ace870-c3d6-11ed-9218-a9fe7c2f5491.html
    The cookie information pops up, forming a stored XSS vulnerability.

Affected versions: <= 1.18.4

Patches

The vulnerability has been fixed in v1.18.5.

Workarounds

It is recommended to upgrade the version to v1.18.5.
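
An added example, not part of the advisory or of DataEase's code: a Python script for reviewing files already stored in the static-resource directory, flagging anything that is not a plain image or that contains HTML, SVG or script markup. It assumes the directory is meant to hold only PNG, JPEG and GIF images; the function names and the sample files in demo() are constructed for illustration.

```python
import os
import tempfile

# Assumption (not from the advisory): the directory should hold only images.
IMAGE_MAGIC = {".png": (b"\x89PNG\r\n\x1a\n",), ".gif": (b"GIF87a", b"GIF89a"),
               ".jpg": (b"\xff\xd8\xff",), ".jpeg": (b"\xff\xd8\xff",)}
# Byte patterns that indicate HTML/SVG markup or inline script.
ACTIVE_MARKERS = (b"<script", b"<html", b"<!doctype html", b"<svg", b"<iframe")

def classify(path, sniff_bytes=4096):
    """Return the reasons a stored file needs review (empty list: looks fine)."""
    ext = os.path.splitext(path)[1].lower()
    with open(path, "rb") as fh:
        head = fh.read(sniff_bytes)
    reasons = []
    if ext not in IMAGE_MAGIC:
        reasons.append(f"unexpected extension {ext or '(none)'}")
    elif not head.startswith(IMAGE_MAGIC[ext]):
        reasons.append(f"content does not match {ext} signature")
    hits = [m.decode() for m in ACTIVE_MARKERS if m in head.lower()]
    if hits:
        reasons.append("active markup: " + ", ".join(hits))
    return reasons

def audit(root):
    """Walk the upload directory and map relative path -> list of reasons."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            reasons = classify(full)
            if reasons:
                findings[os.path.relpath(full, root)] = reasons
    return findings

def demo():
    """Audit a constructed directory: one valid PNG header, two suspect files."""
    samples = {"logo.png": b"\x89PNG\r\n\x1a\n" + bytes(8),
               "sample.html": b"<html><script>/* constructed */</script></html>",
               "photo.jpg": b"<svg xmlns='http://www.w3.org/2000/svg'></svg>"}
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return audit(root)

if __name__ == "__main__":
    for rel, reasons in sorted(demo().items()):
        print(f"{rel}: {'; '.join(reasons)}")
```

Call audit() with the deployment's real static-resource path; its location on disk depends on the installation.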

References

If you have any questions or comments about this advisory:

Open an issue in https://github.com/dataease/dataease
Email us at wei@fit2cloud.com

Severity

High

CVE ID

CVE-2023-28435

Weaknesses

No CWEs
