Path Traversal Vulnerability in Document Uploads Manager
A path traversal vulnerability in the document uploads manager feature of the software, in versions prior to 1.2.2, allows users holding the 'manager' role to read and delete the 'anythingllm.db' database file. This issue was patched in version 1.2.2.
Available publicly on Jul 31 2024
Threat Overview
The vulnerability exists in the '/api/document/move-files' endpoint, which lets users move files between document folders. Because the supplied source and destination paths are not checked against the documents directory, a user can move a file that lies outside it, including the 'anythingllm.db' database file, into a directory the application serves publicly, download it, and then delete it. This can lead to unauthorized access to sensitive data, privilege escalation, and loss of all stored application data.
Attack Scenario
An attacker holding the 'manager' role first sets their profile picture filename to 'anythingllm.db'. They then call the move-files endpoint with a traversal path that moves the real database file into the directory where profile pictures are stored. Fetching their own profile picture now returns the database file, giving them its full contents. Finally, a profile picture removal request deletes the file from disk, destroying the application's data.
Who is affected
Any deployment in which untrusted users hold the 'manager' role is directly affected, since those users can exploit the vulnerability. Indirectly, every user of such a deployment is affected, because an attacker can read and delete the entire database, leading to data loss and service disruption.