FileRise Improper Ownership Validation in File Operations Allowing Cross-Tenant Access

Vulnerability

A business logic flaw has been identified in FileRise, a self-hosted web-based file manager, prior to version 1.4.0. The vulnerability allows low-privilege users to perform unauthorized operations, such as viewing, deleting, or modifying files created by other users. The issue arises because the application infers file ownership from folder names and lacks server-side authorization checks across its file-operation endpoints, creating an Insecure Direct Object Reference (IDOR) pattern. Exploitation is possible when non-admin users have access to folders named after other usernames, as the application does not properly validate ownership before allowing file modifications or deletions.

Impact

The vulnerability allows authenticated, non-admin users to bypass ownership checks and manipulate files uploaded by other users, including viewing, deleting, and modifying those files. This behavior compromises the confidentiality and integrity of the affected files.

Reproduction

To reproduce this vulnerability, create a top-level folder named after a username and upload files into it. A low-privilege user can then access, modify, or delete those files, because the application does not validate ownership. In the FileRise web interface this is done by navigating to the 'Files' section and using the 'Upload' feature to add files to the folder named after the username.

Remediation

Upgrade to FileRise version 1.4.0 or later, where this vulnerability has been addressed; version 1.5.0 is recommended for additional security enhancements. Where upgrading immediately is not possible, restrict non-admin users to read-only access or disable the delete and rename APIs on the server side. Additionally, avoid creating top-level folders named after other usernames, and implement server-side checks that verify file ownership before allowing a file to be deleted, renamed, or moved.
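The following is an added illustration of the two authorization models the advisory contrasts, written for this page rather than taken from FileRise's code base: a flawed check that treats the top-level folder name as the file's owner, beside a hardened check that consults an owner record written server-side at upload time. The store, users (admin, alice, bob, carol), paths and folder access list are constructed sample data, and the function names are hypothetical.

```python
"""Ownership checks for file operations: folder-name inference (flawed)
versus owner metadata recorded at upload time (hardened).

Hypothetical model written for illustration; not FileRise's own code.
All users, paths and access lists below are constructed sample data.
"""
from dataclasses import dataclass, field


@dataclass
class FileRecord:
    path: str    # e.g. "bob/report.pdf"
    owner: str   # user who uploaded the file, recorded server-side


def top_folder(path: str) -> str:
    """Return the top-level folder component of a relative path."""
    return path.split("/", 1)[0]


@dataclass
class Store:
    files: dict[str, FileRecord] = field(default_factory=dict)
    # folder name -> users allowed to browse/upload into that folder
    folder_access: dict[str, set[str]] = field(default_factory=dict)
    admins: set[str] = field(default_factory=set)

    def upload(self, user: str, path: str) -> None:
        """Write a file and record who uploaded it (the hardened check relies on this)."""
        folder = top_folder(path)
        if user not in self.admins and user not in self.folder_access.get(folder, set()):
            raise PermissionError(f"{user} cannot write to folder {folder!r}")
        self.files[path] = FileRecord(path=path, owner=user)


def can_operate_vulnerable(store: Store, user: str, op: str, path: str) -> bool:
    """Flawed check: the owner is assumed to be the user the top-level folder
    is named after, and anyone with access to that folder is trusted for every
    operation. Files uploaded by someone else into that folder are exposed."""
    if path not in store.files:
        return False
    if user in store.admins:
        return True
    inferred_owner = top_folder(path)
    return inferred_owner == user or user in store.folder_access.get(inferred_owner, set())


def can_operate_hardened(store: Store, user: str, op: str, path: str) -> bool:
    """Hardened check: authority comes only from the owner recorded at upload
    time (or admin status); the folder name carries no meaning."""
    record = store.files.get(path)
    if record is None:
        return False
    if user in store.admins:
        return True
    return record.owner == user


def build_sample_store() -> Store:
    """Constructed scenario: a top-level folder named after non-admin user bob,
    shared with alice, into which alice uploads a file."""
    store = Store(admins={"admin"})
    store.folder_access["bob"] = {"bob", "alice"}
    store.upload("alice", "bob/report.pdf")  # alice's file lands in the folder named "bob"
    store.upload("bob", "bob/notes.txt")     # bob's own file
    return store


def compare(op: str, user: str, path: str) -> tuple[bool, bool]:
    """Evaluate one request under both checks: (vulnerable_allows, hardened_allows)."""
    store = build_sample_store()
    return (
        can_operate_vulnerable(store, user, op, path),
        can_operate_hardened(store, user, op, path),
    )


if __name__ == "__main__":
    for op in ("view", "delete", "rename", "move"):
        vuln, hard = compare(op, "bob", "bob/report.pdf")
        print(f"bob {op:6} alice's file in folder 'bob': vulnerable={vuln} hardened={hard}")
```

The flawed variant returns True for bob on every operation against alice's upload because the path starts with his username; the hardened variant denies it while still letting alice act on her own file and admins act on anything. The same owner record is what a read-only or disabled delete/rename endpoint would fall back on while an upgrade is pending.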

Added: Oct 20, 2025, 6:21 PM
Updated: Oct 20, 2025, 6:21 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 1.3
exploitability: 5.8
remediation: 0.0
relevance: 0.7
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to produce these eight vulnerability categories, which are then combined into the overall risk score.