High

db-gpt

Path Traversal in API Endpoint Allowing Arbitrary File Deletion

A Path Traversal vulnerability in version 0.6.0 of the software allows an attacker to delete any file on the server via the `/v1/resource/file/delete` API endpoint. The issue has not been patched yet.

Available publicly on Nov 05 2024

8.2

Threat Overview

The vulnerability exists in the `/v1/resource/file/delete` API endpoint, where the `file_key` parameter is not properly sanitized. This allows an attacker to specify arbitrary file paths, leading to the deletion of any file on the server. The lack of input validation and sanitization in the `delete_file` function of the `FileClient` class is the root cause of this issue.

Attack Scenario

An attacker can exploit this vulnerability by sending a crafted request to the `/v1/resource/file/delete` API endpoint with a `file_key` parameter set to the path of a file they wish to delete. For example, by setting `file_key` to `/tmp/ngductung_pocPathTraversal`, the attacker can delete the file `/tmp/ngductung_pocPathTraversal` on the server.
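The containment check that the Threat Overview says is missing from `delete_file`, and that the Attack Scenario's absolute `file_key` would fail, as an added example. This is not db-gpt's code; the storage-root layout, the file names and the function names are assumptions.

```python
import os
import shutil
import tempfile
from pathlib import Path, PurePosixPath

class PathTraversalError(ValueError):
    """Raised when a file key would resolve outside the storage root."""

def resolve_in_root(root: Path, file_key: str) -> Path:
    """Map an untrusted file_key to a path that is guaranteed to lie inside root."""
    key = PurePosixPath(file_key)
    # Reject absolute keys, empty keys and any '..' segment before touching the filesystem.
    if key.is_absolute() or not key.parts or ".." in key.parts:
        raise PathTraversalError(f"invalid file key: {file_key!r}")
    root_resolved = root.resolve()
    # resolve() follows symlinks, so a link planted inside root cannot redirect the delete.
    candidate = (root_resolved / key).resolve()
    if os.path.commonpath([root_resolved, candidate]) != str(root_resolved):
        raise PathTraversalError(f"file key escapes storage root: {file_key!r}")
    return candidate

def delete_file_safe(root: Path, file_key: str) -> bool:
    """Delete a file only if it lives under root; returns False if it does not exist."""
    target = resolve_in_root(root, file_key)
    if not target.is_file():
        return False
    target.unlink()
    return True

def demo() -> dict:
    """Constructed scenario: one file inside the storage root and one outside it."""
    root = Path(tempfile.mkdtemp(prefix="store_"))
    outside = Path(tempfile.mkdtemp(prefix="outside_")) / "victim.txt"
    (root / "uploads").mkdir()
    (root / "uploads" / "doc.txt").write_text("inside")
    outside.write_text("outside")
    (root / "link.txt").symlink_to(outside)  # a symlink inside root that points outside it
    results = {"inside": delete_file_safe(root, "uploads/doc.txt")}
    attempts = {"absolute": str(outside), "dotdot": os.path.relpath(outside, root), "symlink": "link.txt"}
    for label, key in attempts.items():
        try:
            results[label] = "deleted" if delete_file_safe(root, key) else "missing"
        except PathTraversalError:
            results[label] = "rejected"
    results["outside_intact"] = outside.exists()
    shutil.rmtree(root)
    shutil.rmtree(outside.parent)
    return results
```

The early `..` rejection and the post-resolve containment check are both needed: the first gives a clear error for obviously malformed keys, the second catches symlinks and anything the first does not anticipate.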

Who is affected

Users and administrators of the software version 0.6.0 are affected by this vulnerability. Any server running this version is at risk of arbitrary file deletion.
