Arbitrary File Read via Insufficient Validation in Load Prompt Template
A vulnerability in version 20240628 allows arbitrary file reading due to insufficient validation when loading prompt template files. This issue was patched in a subsequent release.
Available publicly on Oct 12 2024
Threat Overview
The vulnerability arises from insufficient validation when loading prompt template files, allowing an attacker to read any file that matches specific criteria using an absolute path. The files must not have a .json extension and must contain commas in every line except the first. This can expose sensitive information from log files, ini files, JavaScript files, and some compressed or encrypted script files.
Attack Scenario
An attacker logs into the application, navigates to the 'Load Prompt Template' section, and intercepts the request to modify the file path to an absolute path of a target file. The application then processes the file, splitting it into parts using commas, and displays the content, allowing the attacker to read sensitive information.
Who is affected
Users of the affected version 20240628 who utilize the 'Load Prompt Template' feature are at risk. This includes administrators and regular users who have access to this functionality.
Technical Report
Want more out of Sightline?
Sightline offers even more for premium customers
Go Premium
We have - related security advisories that are available with Sightline Premium.