Impact
An improper privilege management (IDOR) has been found in PatrowlManager. All imports findings file is placed under /media/imports/<owner_id>/<tmp_file> In that, owner_id is predictable and tmp_file is in format of import_<ownder_id>_<time_created>, for example: import_1_1639213059582.json This filename is predictable and allows anyone without logging in to download all finding import files
This vulnerability is capable of allowing unlogged in users to download all finding imports file
Patches
Update to 1.7.7
Workarounds
Not known
References
Huntr.dev Bug Report by @M0rphling
ktg9 Analyst
Impact
An improper privilege management (IDOR) has been found in PatrowlManager. All imports findings file is placed under /media/imports/<owner_id>/<tmp_file> In that, owner_id is predictable and tmp_file is in format of import_<ownder_id>_<time_created>, for example: import_1_1639213059582.json This filename is predictable and allows anyone without logging in to download all finding import files
This vulnerability is capable of allowing unlogged in users to download all finding imports file
Patches
Update to 1.7.7
Workarounds
Not known
References
Huntr.dev Bug Report by @M0rphling