Medium

danswer

IDOR Vulnerability Allowing Unauthorized File Access

An IDOR vulnerability in version v0.3.94 allows attackers to view any file by directly calling the GET /api/chat/file/{file_id} interface. The issue has not yet been patched.

Available publicly on Oct 10 2024

CVSS score: 6.5

CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Credit: fewword

Threat Overview

The vulnerability arises from the lack of proper access control in the file retrieval endpoint. Specifically, the application does not verify whether the requester is the creator or an authorized user of the file. This allows an attacker to access any file by knowing or guessing its file ID. The endpoint reads and returns the file content directly, without any authorization check.
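
A minimal model of the missing check, added here as an illustration and not taken from the danswer code base: it places the flawed lookup beside one that verifies the requester before reading the content. The in-memory store and the names FileRecord, FILES, NotFound, get_file_unchecked and get_file_checked are assumptions made for the example.

```python
# Added illustration, not danswer's code. All names here are hypothetical.
from dataclasses import dataclass


class NotFound(Exception):
    """Would map to HTTP 404 in a real request handler."""


@dataclass(frozen=True)
class FileRecord:
    owner_id: str
    shared_with: frozenset
    content: bytes


# Constructed sample data standing in for the file store.
FILES = {
    "f-1001": FileRecord("alice", frozenset(), b"alice private notes"),
    "f-1002": FileRecord("bob", frozenset({"alice"}), b"bob shared report"),
}


def get_file_unchecked(file_id: str, requester_id: str) -> bytes:
    """The flawed pattern: any authenticated requester receives any file."""
    record = FILES.get(file_id)
    if record is None:
        raise NotFound(file_id)
    return record.content  # requester_id is never consulted


def get_file_checked(file_id: str, requester_id: str) -> bytes:
    """Object-level authorization performed before the content is returned."""
    record = FILES.get(file_id)
    allowed = record is not None and (
        requester_id == record.owner_id or requester_id in record.shared_with
    )
    if not allowed:
        # Same error for "does not exist" and "not yours", so the response
        # does not confirm which file IDs are valid.
        raise NotFound(file_id)
    return record.content
```

The requester identity passed to the checked function must come from the authenticated session on the server, never from a request parameter.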

Attack Scenario

An attacker can exploit this vulnerability by sending a GET request to the /api/chat/file/{file_id} endpoint with a valid file ID. Since the application does not verify the requester's permissions, the attacker can access any file, potentially exposing sensitive information.

Who is affected

Users of the application running version v0.3.94 are affected. This includes any deployment where the file retrieval endpoint is exposed and accessible.
