Primary

Context

Copyparty Missing Permission Check in Shares Feature Vulnerability

Vulnerability

Patched

A vulnerability exists in Copyparty, a portable file server, in versions prior to 1.19.8. The issue arises from a missing permission check in the shares feature, specifically the 'shr' global option. When a share is created for a single file within a folder, it inadvertently allows access to other files in the same folder by guessing their names. This vulnerability does not extend to subdirectories, affecting only sibling files. Additionally, it does not impact filekeys or dirkeys.

Impact

Exploitation of this vulnerability could lead to unauthorized access to files within the same folder as the shared file, except for files in subdirectories.

Remediation

Users can upgrade to Copyparty version 1.19.8 or later to address this vulnerability.

Added: Sep 9, 2025, 8:22 PM

Updated: Sep 9, 2025, 8:22 PM

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

0.6

exploitability

5.5

remediation

7.7

relevance

0.5

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

0.6

exploitability

5.5

remediation

7.7

relevance

0.5

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Copyparty Missing Permission Check in Shares Feature Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Copyparty

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating