Arbitrary File Deletion via Directory Traversal in JSON File Handling
A vulnerability in the JSON file handling mechanism allows any user to delete any JSON file on the server, including critical configuration files. This affects version 20240410 and has not yet been patched.
Available publicly on Jul 31 2024
Threat Overview
The vulnerability arises from improper handling of file paths in JSON requests, allowing an attacker to manipulate the file path and delete arbitrary files on the server. This includes critical configuration files such as config.json and ds_config_chatbot.json. The ability to traverse directories and delete any JSON file can lead to significant disruption, unauthorized access, and potential data loss or corruption.
Attack Scenario
An attacker intercepts a request to delete a conversation title and modifies the file path in the request to point to a critical JSON file, such as config.json. By sending the modified request, the attacker can delete the specified file. Additionally, the attacker can traverse directories to identify and delete any JSON file on the server, leading to unauthorized access and manipulation of sensitive information.
Who is affected
Users of the affected software version 20240410 are vulnerable. This includes any server running this version where users have the ability to send JSON requests that can be intercepted and modified.
Technical Report
Want more out of Sightline?
Sightline offers even more for premium customers
Go Premium
We have - related security advisories that are available with Sightline Premium.