PsiTransfer: Violation of the integrity of file distribution

Summary
The absence of restrictions on the endpoint, which allows you to create a path for uploading a file in a file distribution, allows an attacker to add arbitrary files to the distribution.

Details
Vulnerable endpoint: POST /files

PoC

Create a file distribution.

Go to the link address (id of the file distribution is needed by an attacker to upload files there).

Send a POST /files. As the value of the Upload-Metadata header we specify the sid parameter with the id of the file distribution obtained in the second step. In the response from the server in the Location header we get the path for uploading a new file to the file distribution.

Send a PATCH /files/{{id}} request with arbitrary content in the request body. Id is taken from the previous step.

Result:

Impact
The vulnerability allows an attacker to influence those users who come to the file distribution after him and slip the victim files with a malicious or phishing signature.

References

psi-4ward published to psi-4ward/psitransfer Apr 5, 2024

Published to the GitHub Advisory Database Apr 5, 2024

Reviewed Apr 5, 2024

Published by the National Vulnerability Database Apr 9, 2024

Last updated Apr 9, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Package

Affected versions

Patched versions

Description

References

Severity

CVSS base metrics

Weaknesses

CVE ID

GHSA ID

Source code

Credits