Horilla HRMS Unauthenticated Access to Candidate Resumes Vulnerability
Vulnerability
A vulnerability in Horilla HRMS version 1.3.0 allows unauthenticated users to access uploaded resume files by directly guessing or predicting file URLs. These resumes are stored in a publicly accessible directory without any authentication or authorization checks, enabling attackers to retrieve sensitive candidate information. This issue arises from broken access control, violating the principle of least privilege and potentially leading to unauthorized data exposure and privacy violations.
Impact
Exploitation of this vulnerability could result in the unauthorized disclosure of sensitive personally identifiable information (PII) from candidate resumes to unauthenticated attackers.
Reproduction
To reproduce this vulnerability, submit a resume through the public job application form. After the resume is uploaded, attempt to access the file by guessing or enumerating file names based on predictable patterns, such as 'resume1.pdf' or 'cv.pdf'. The files will be accessible without any authentication or authorization.
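One way to close this class of exposure, shown as an added example that is not Horilla's code or its official fix: keep uploads outside the publicly served directory under random names, and release them only through a handler that checks authentication and permission first. The `User` and `ResumeStore` classes and the permission string are hypothetical.

```python
import os
import tempfile
import uuid
from dataclasses import dataclass, field
from pathlib import Path

@dataclass
class User:  # hypothetical stand-in for the application's user object
    authenticated: bool = False
    perms: set = field(default_factory=set)

class ResumeStore:
    """Resumes live outside the web root; every read goes through fetch()."""
    PERM = "recruitment.view_candidate"  # hypothetical permission name

    def __init__(self, root):
        self.root = Path(root).resolve()
        self.index = {}  # opaque id -> original name (a database table in a real app)

    def save(self, original_name, data):
        file_id = uuid.uuid4().hex  # unguessable, unrelated to names like "cv.pdf"
        (self.root / file_id).write_bytes(data)
        self.index[file_id] = os.path.basename(original_name)
        return file_id

    def fetch(self, user, file_id):
        """Return (status, body) the way a download view would."""
        if user is None or not user.authenticated:
            return 401, b""  # no session: refuse before touching storage
        if self.PERM not in user.perms:
            return 403, b""  # logged in, but not allowed to read candidate files
        if file_id not in self.index:  # only issued ids resolve; "../x" never matches
            return 404, b""
        return 200, (self.root / file_id).read_bytes()

def demo():
    sample = b"%PDF-1.4 constructed sample"  # constructed test data
    with tempfile.TemporaryDirectory() as d:
        store = ResumeStore(d)
        fid = store.save("cv.pdf", sample)
        anon, staff = User(), User(True)
        recruiter = User(True, {ResumeStore.PERM})
        return {
            "anon_guess": store.fetch(anon, "cv.pdf")[0],
            "anon_real_id": store.fetch(anon, fid)[0],
            "staff_no_perm": store.fetch(staff, fid)[0],
            "recruiter": store.fetch(recruiter, fid),
            "recruiter_guess": store.fetch(recruiter, "cv.pdf")[0],
        }

if __name__ == "__main__":
    print(demo())
```

The authorization check, not the random file name, is the control; the opaque identifier only removes the predictable naming that makes enumeration easy.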
