LinkAce Database Export Vulnerability Allows Access to Private User Links

Vulnerability

A vulnerability in LinkAce versions through 2.3.1 allows any authenticated user to export the entire database of links from all users, including private links meant only for their owners. The export functions in the ExportController class fail to apply ownership or visibility filters, bypassing access controls. This issue has been addressed in version 2.4.0.

Impact

Exploiting this vulnerability gives unauthorized access to the private links of every user in the system, which can expose sensitive URLs, embedded credentials, private notes, and organizational information.

Reproduction

To reproduce this vulnerability, log into LinkAce as an authenticated user. Then, send a POST request to either '/export/html' or '/export/csv'. The exported file will contain links from all users, including private links that should only be accessible to their owners.

Remediation

Users are advised to update to LinkAce version 2.4.0, where this vulnerability has been fixed.

Added: Nov 4, 2025, 10:26 PM
Updated: Nov 4, 2025, 10:26 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 6.6
remediation: 7.7
relevance: 0.9
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.