eGovFramework Common Components Unauthenticated Encryption Oracle Vulnerability in Web Editor Image Upload
Vulnerability
A vulnerability exists in eGovFramework/egovframe-common-components in versions through 4.3.1, related to the Web Editor image upload feature. This vulnerability involves an encryption oracle that allows attackers to create valid ciphertext for selected values. The image upload endpoints encrypt server-side paths, filenames, and MIME types, embedding this information into a download URL returned to the client. However, because these encrypted parameters are trusted by other endpoints, an unauthenticated attacker can exploit the image upload functionality to obtain encrypted representations of chosen identifiers and replay them to file-serving APIs. This flaw bypasses access controls that depend on the secrecy of encrypted parameters, enabling the retrieval of arbitrary stored files that typically require a valid session or specific authorization.
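One way to close this kind of oracle is to bind every encrypted parameter to the endpoint that minted it, so that a ciphertext returned by the image upload path fails verification everywhere else. The following is an added example, not code from egovframe-common-components; the class name, the purpose labels `editor-image` and `attachment-download`, and the sample path are hypothetical, and AES-GCM with associated data is the technique assumed here.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;

public class PurposeBoundToken {
    private static final SecureRandom RNG = new SecureRandom();
    // Encrypt `value` and bind the token to `purpose` (hypothetical label) via GCM associated data.
    static String seal(SecretKey key, String purpose, String value) throws Exception {
        byte[] iv = new byte[12];
        RNG.nextBytes(iv); // fresh nonce per token
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        c.updateAAD(purpose.getBytes(StandardCharsets.UTF_8));
        byte[] ct = c.doFinal(value.getBytes(StandardCharsets.UTF_8));
        byte[] out = ByteBuffer.allocate(iv.length + ct.length).put(iv).put(ct).array();
        return Base64.getUrlEncoder().withoutPadding().encodeToString(out);
    }

    // Decrypt only if the token was minted for the same `purpose`; otherwise the GCM tag check fails.
    static String open(SecretKey key, String purpose, String token) throws Exception {
        byte[] in = Base64.getUrlDecoder().decode(token);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, in, 0, 12));
        c.updateAAD(purpose.getBytes(StandardCharsets.UTF_8));
        return new String(c.doFinal(in, 12, in.length - 12), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey();
        // Constructed sample: the upload endpoint mints a token for a client-influenced identifier.
        String token = seal(key, "editor-image", "upload/2024/sample.png");
        System.out.println(open(key, "editor-image", token)); // same purpose: decrypts
        try {
            open(key, "attachment-download", token); // different endpoint: must be rejected
            System.out.println("accepted (oracle still present)");
        } catch (AEADBadTagException e) {
            System.out.println("rejected: token was minted for another purpose");
        }
        // Purpose binding does not replace authorization: the serving endpoint still checks the session.
    }
}
```

Purpose binding only stops cross-endpoint replay; file-serving endpoints still need their own session and authorization check, because the secrecy of an encrypted parameter is not an access control.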
Impact
Exploitation of this vulnerability allows for unauthorized access to files that should be protected by access controls, potentially leading to the disclosure of sensitive information.
