ZimaOS Arbitrary File Read Vulnerability in File Download Endpoint
Vulnerability
An arbitrary file read vulnerability has been identified in ZimaOS versions up to and including 1.4.1. The issue lies in the '/v2_1/files/file/download' endpoint, which lets any user who can reach it on localhost read files. The read is performed with root privileges, so the service, not the file system's permissions, decides what can be retrieved, creating a significant security risk.
Impact
Exploiting this vulnerability allows arbitrary files to be read from the affected system, including sensitive files such as the password file, depending on the file path supplied.
Reproduction
The vulnerability can be reproduced by sending a request to the '/v2_1/files/file/download' endpoint from the localhost interface, for example with a tool like curl. The request carries a 'path' parameter naming the file to be read, such as '/etc/passwd'.
Remediation
No patched version is currently available. Users are advised to update to a release of ZimaOS later than 1.4.1 as soon as one is published.
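Until a fixed release exists, the defensive check a download handler of this kind needs is path confinement: the client-supplied 'path' must be resolved, symlinks and all, and proven to lie under a permitted root before anything is opened. The following is an added example written for this advisory, not ZimaOS's own code; the names downloadRoot, naiveResolve and resolveWithinRoot are hypothetical, and Go is used because ZimaOS derives from the Go-based CasaOS code base. naiveResolve shows the weak pattern (open whatever 'path' says), resolveWithinRoot the hardened one.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// ErrOutsideRoot is returned when the canonical form of the requested path
// does not live under the permitted download root.
var ErrOutsideRoot = errors.New("requested path resolves outside the permitted root")

// naiveResolve mirrors the weak pattern behind an arbitrary-file-read bug:
// whatever the client sends in the 'path' parameter is cleaned and used as-is.
// Clean keeps leading "../" segments and absolute paths, so with a service
// running as root, "/etc/passwd" is opened exactly as requested.
func naiveResolve(userPath string) string {
	return filepath.Clean(userPath)
}

// resolveWithinRoot is the hardened form (hypothetical, not ZimaOS code). It
// confines the client-supplied path to downloadRoot by (1) treating the value as
// relative to the root even when it starts with "/" or "../", (2) resolving
// symlinks on both the root and the target, and (3) checking that the real
// target still lies inside the real root and is a regular file.
func resolveWithinRoot(downloadRoot, userPath string) (string, error) {
	absRoot, err := filepath.Abs(downloadRoot)
	if err != nil {
		return "", err
	}
	realRoot, err := filepath.EvalSymlinks(absRoot)
	if err != nil {
		return "", err
	}
	// Prefixing "/" before Clean collapses leading "../" segments lexically:
	// "../../etc/passwd" becomes "/etc/passwd", which is then joined under root.
	candidate := filepath.Join(realRoot, filepath.Clean("/"+userPath))
	// EvalSymlinks follows every link in the path, so a link planted inside the
	// root that points at a file elsewhere resolves to its real location here.
	realTarget, err := filepath.EvalSymlinks(candidate)
	if err != nil {
		return "", err // missing file or unreadable component: refuse
	}
	rel, err := filepath.Rel(realRoot, realTarget)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrOutsideRoot
	}
	// Refuse anything that is not a regular file (directories, devices, sockets).
	info, err := os.Stat(realTarget)
	if err != nil {
		return "", err
	}
	if !info.Mode().IsRegular() {
		return "", fmt.Errorf("%s is not a regular file", realTarget)
	}
	return realTarget, nil
}

func main() {
	// Constructed fixture: a temporary download root holding one legitimate
	// file and one symlink that escapes the root.
	root, err := os.MkdirTemp("", "download-root")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(root)
	_ = os.WriteFile(filepath.Join(root, "report.txt"), []byte("ok"), 0o600)
	_ = os.Symlink("/etc/hostname", filepath.Join(root, "innocent.txt"))

	for _, p := range []string{"report.txt", "/report.txt", "../../etc/passwd", "innocent.txt", ""} {
		got, err := resolveWithinRoot(root, p)
		fmt.Printf("path=%q naive=%q hardened=%q err=%v\n", p, naiveResolve(p), got, err)
	}
}
```

The symlink check matters as much as the lexical one: a lexical prefix test on the cleaned path passes "innocent.txt" even though it points outside the root, and only comparing the real, symlink-resolved target against the real root catches it.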
