Impact
An authenticated user can exploit the Insecure Direct Object Reference (IDOR) vulnerability in the file manager's bulk transfer by manipulating job IDs to upload malicious files, potentially compromising the integrity and security of the system.
Details
When users upload files to the server, a job ID is generated to track the file upload operation. However, it has been discovered that this job ID can be manipulated by an attacker. This vulnerability enables an attacker, under the guise of a legitimate user, to hijack and control the file upload process.
Steps to reproduce the vulnerability are as follows:
- A legitimate user initiates a file upload process, during which a unique job ID is generated for the operation.
- An attacker, possessing the job ID, crafts a malicious POST request.
- The manipulated file upload job executes successfully under the guise of the legitimate user's session, resulting in the unauthorized file being uploaded to the system.
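The following Python model, added here as an illustration and not taken from the affected project's code base, contrasts the access pattern behind this class of IDOR with the fix a maintainer would apply: the vulnerable store resolves an upload job by its ID alone, so any authenticated caller who learns or guesses an ID can append data to another user's job; the hardened store issues unguessable job IDs, records the owner from the authenticated session at creation time, and refuses any operation on a job the caller does not own. All class, function and user names (`VulnerableJobStore`, `HardenedJobStore`, `alice`, `mallory`) are hypothetical.

```python
import secrets
from dataclasses import dataclass, field


@dataclass
class UploadJob:
    """Server-side state for one bulk-transfer upload job (constructed model)."""
    job_id: str
    owner: str          # authenticated user who created the job
    filename: str
    chunks: list = field(default_factory=list)


class VulnerableJobStore:
    """Looks a job up by ID only. Any authenticated user who knows the ID can
    write into it, which is the IDOR described in the advisory."""

    def __init__(self):
        self._jobs = {}
        self._counter = 0

    def create(self, user, filename):
        # Sequential IDs are trivially enumerable, which makes the missing
        # ownership check below much easier to abuse.
        self._counter += 1
        job = UploadJob(str(self._counter), user, filename)
        self._jobs[job.job_id] = job
        return job.job_id

    def append_chunk(self, user, job_id, data):
        job = self._jobs[job_id]        # no check that `user` owns this job
        job.chunks.append(data)
        return True


class HardenedJobStore:
    """Binds every job to the session that created it and verifies ownership
    on each subsequent request."""

    def __init__(self):
        self._jobs = {}

    def create(self, user, filename):
        # 256-bit random, URL-safe ID: not guessable even if one ID leaks.
        job_id = secrets.token_urlsafe(32)
        self._jobs[job_id] = UploadJob(job_id, user, filename)
        return job_id

    def append_chunk(self, user, job_id, data):
        job = self._jobs.get(job_id)
        # Same error for "no such job" and "not your job" so the endpoint
        # does not reveal whether someone else's job ID exists.
        if job is None or job.owner != user:
            raise PermissionError("job not found or not owned by caller")
        job.chunks.append(data)
        return True


def simulate():
    """Replays the advisory's scenario against both stores.

    Returns (vulnerable_hijack_succeeded, hardened_owner_ok,
             hardened_hijack_blocked)."""
    # Vulnerable path: a second authenticated user writes into alice's job.
    vulnerable = VulnerableJobStore()
    vid = vulnerable.create("alice", "report.pdf")
    hijacked = vulnerable.append_chunk("mallory", vid, b"attacker-controlled")

    # Hardened path: the owner succeeds, the other user is refused.
    hardened = HardenedJobStore()
    hid = hardened.create("alice", "report.pdf")
    owner_ok = hardened.append_chunk("alice", hid, b"legitimate-data")
    try:
        hardened.append_chunk("mallory", hid, b"attacker-controlled")
        blocked = False
    except PermissionError:
        blocked = True

    return hijacked, owner_ok, blocked


if __name__ == "__main__":
    print(simulate())
```

The `user` argument in `append_chunk` must come from the server's authenticated session, never from a field in the request body, otherwise the ownership check can be satisfied by the same kind of parameter tampering the advisory describes.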
Patches
Safe versions: >= v3.10.6
Workarounds
It is recommended to upgrade to a safe version.
Once upgraded, the attacker can no longer manipulate the job ID, and the file upload process is secure.
References
Thanks to @secur30nly for reporting this issue.