Exposure of Resource to Wrong Sphere in ezsystems/ezplatform-kernel
Moderate severity
GitHub Reviewed
Published
Feb 19, 2022
to the GitHub Advisory Database
•
Updated Aug 8, 2023
Package
Affected versions
>= 1.3.0, < 1.3.12
Patched versions
1.3.12
Description
Published by the National Vulnerability Database
Feb 18, 2022
Published to the GitHub Advisory Database
Feb 19, 2022
Reviewed
Mar 4, 2022
Last updated
Aug 8, 2023
When image files are uploaded, they are made accessible under a name similar to the original file name. There are two issues with this. Both require access to uploading images in order to exploit them, this limits the impact. The first issue is that certain injection attacks can be possible, since not all possible attack vectors are removed from the original file name.
The second issue is that direct access to the images is not access controlled. This is by design, for performance reasons, and documented as such. But it does mean that images not meant to be publicly accessible can be accessed, provided that the image path and filename is correctly deduced and/or guessed, through dictionary attacks and similar.
References