Blinko Path Traversal Vulnerability Allowing Arbitrary File Read
Vulnerability
A path traversal vulnerability has been identified in Blinko versions prior to 1.8.4. The issue arises in the file server endpoint, which fails to enforce permission checks for the 'temp/' directory. This oversight allows unauthenticated attackers to traverse directories and read arbitrary files from the server. When scheduled backup tasks are enabled, the exposed files also include backup archives containing user notes and tokens.
Impact
Exploitation of this vulnerability allows for unauthorized access to arbitrary files on the server, including sensitive backup files that contain user notes and TOKENS.
Reproduction
To reproduce this vulnerability, send a GET request to the '/api/file/temp/' endpoint without any authentication. The request will bypass the usual permission checks for the 'temp/' directory, allowing access to files that should be restricted.
Remediation
Update to Blinko version 1.8.4 or later, where this vulnerability has been patched.
