FileRise Unauthenticated File Read Vulnerability in WebDAV Server

A file read vulnerability has been identified in FileRise, a self-hosted web file manager and WebDAV server, affecting versions through 3.2.3. The vulnerability arises from insufficient access control on the '/uploads' directory, allowing unauthenticated users to directly access files by knowing or guessing the file path. This lack of protection could lead to the exposure of sensitive data and a breach of privacy.

Impact

Exploitation of this vulnerability allows for unauthorized access to files in the '/uploads' directory, potentially leading to the exposure of sensitive information such as configuration files, personal data, or credentials. This unauthorized file access could also expand the attack surface for further exploitation.

Reproduction

The vulnerability can be reproduced by uploading a file to the '/uploads' directory, logging out of the application, and then accessing the file directly through the URL, bypassing authentication. This issue exists in the default Docker configuration of FileRise.

Remediation

Users can upgrade to FileRise version 3.3.0, which addresses the vulnerability by implementing access controls on the '/uploads' directory. Instructions for downloading this version are available on the FileRise GitHub releases page.