Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS14OHh4LXg4MnEtNDJxM80tiA
Exposure of Resource to Wrong Sphere in ezsystems/ezplatform-kernel
When image files are uploaded, they are made accessible under a name similar to the original file name. There are two issues with this. Both require access to uploading images in order to exploit them, this limits the impact. The first issue is that certain injection attacks can be possible, since not all possible attack vectors are removed from the original file name.
The second issue is that direct access to the images is not access controlled. This is by design, for performance reasons, and documented as such. But it does mean that images not meant to be publicly accessible can be accessed, provided that the image path and filename is correctly deduced and/or guessed, through dictionary attacks and similar.
Permalink: https://github.com/advisories/GHSA-x8xx-x82q-42q3JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14OHh4LXg4MnEtNDJxM80tiA
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 3 years ago
Updated: over 1 year ago
CVSS Score: 5.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Identifiers: GHSA-x8xx-x82q-42q3, CVE-2022-25336
References:
- https://nvd.nist.gov/vuln/detail/CVE-2022-25336
- https://developers.ibexa.co/security-advisories/ibexa-sa-2022-001-image-filenames-sanitization
- https://github.com/advisories/GHSA-x8xx-x82q-42q3
Affected Packages
packagist:ezsystems/ezplatform-kernel
Dependent packages: 114Dependent repositories: 99
Downloads: 202,057 total
Affected Version Ranges: >= 1.3.0, < 1.3.12
Fixed in: 1.3.12
All affected versions: 1.3.0, 1.3.1, 1.3.2, 1.3.3, 1.3.4, 1.3.5, 1.3.6, 1.3.7, 1.3.8, 1.3.9, 1.3.10, 1.3.11
All unaffected versions: 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.2.6, 1.2.7, 1.2.8, 1.3.12, 1.3.13, 1.3.14, 1.3.15, 1.3.16, 1.3.17, 1.3.18, 1.3.19, 1.3.20, 1.3.21, 1.3.22, 1.3.23, 1.3.24, 1.3.25, 1.3.26, 1.3.27, 1.3.28, 1.3.29, 1.3.30, 1.3.31, 1.3.32, 1.3.33, 1.3.34, 1.3.35, 1.3.36, 1.3.37