VideoLAN VLC for Android Path Traversal Vulnerability in Remote Access Server Routing
Vulnerability
A path traversal vulnerability has been identified in VideoLAN VLC for Android, affecting versions prior to 3.7.0. The issue is in the Remote Access Server's routing for the authenticated endpoint GET /download. An authenticated attacker with network access to the Remote Access Server can request files outside the intended download directory, because the value of the file query parameter is appended directly to a filesystem path under the configured download directory without canonicalization (resolving ".." segments and symbolic links) and without a check that the resolved path still lies inside that directory. The impact is limited by Android's application sandbox and storage restrictions, which usually confine exposure to app-internal storage and the app-specific external storage directory.
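The flawed pattern and the corresponding fix, as an added illustration that is not VLC's own code (VLC for Android is written in Kotlin; the logic is the same there). The download directory, the parameter values and the function names are assumptions for the demonstration; the vulnerable function reproduces "append the parameter to the base path" and the hardened one canonicalizes and then checks containment:

```python
import os

# Constructed example directory (an assumption for the demo, not VLC's real path);
# on a device this would be the app's configured download directory.
DOWNLOAD_DIR = "/data/user/0/org.videolan.vlc/files/downloads"


def vulnerable_resolve(download_dir: str, file_param: str) -> str:
    """Flawed pattern: the query parameter is appended to the base path as-is.

    No ".." handling, no symlink resolution, no containment check. Note also that
    os.path.join discards the base entirely when file_param is absolute.
    """
    return os.path.join(download_dir, file_param)


def safe_resolve(download_dir: str, file_param: str):
    """Hardened pattern: canonicalize, then verify the result stays under the base.

    Returns the absolute path to serve, or None when the request must be rejected.
    """
    if not file_param or "\x00" in file_param:
        return None
    # Canonical base: resolves any symlinks in the configured directory itself.
    base = os.path.realpath(download_dir)
    # Reject absolute input before joining; joining would throw the base away.
    if os.path.isabs(file_param):
        return None
    # realpath collapses ".." segments and follows symlinks, so a link planted
    # inside the download directory cannot be used to point outside it either.
    candidate = os.path.realpath(os.path.join(base, file_param))
    # Containment check: the longest common prefix (by path component, not by
    # string) must be the base itself. A plain str.startswith check would accept
    # a sibling such as ".../downloads2/secret".
    if os.path.commonpath([base, candidate]) != base:
        return None
    if candidate == base:
        return None  # the directory itself is not a downloadable file
    return candidate


def demo():
    """Run both resolvers over a few constructed requests; returns a summary."""
    requests = [
        "movie.mp4",                    # legitimate
        "sub/../movie.mp4",             # normalizes back inside, legitimate
        "../../shared_prefs/prefs.xml", # classic traversal out of the sandbox dir
        "/etc/hosts",                   # absolute path, join() drops the base
    ]
    return {
        req: (vulnerable_resolve(DOWNLOAD_DIR, req), safe_resolve(DOWNLOAD_DIR, req))
        for req in requests
    }


if __name__ == "__main__":
    for req, (bad, good) in demo().items():
        print(f"{req!r:34} vulnerable -> {bad!r:70} safe -> {good!r}")
```

The same two-step rule applies on the JVM: resolve with java.nio.file.Path.normalize() (or toRealPath() when the file must exist) and then require resolved.startsWith(baseDir) on Path objects, not on strings. Decoding order also matters: the containment check has to run on the value the filesystem will actually see, after the HTTP framework has URL-decoded the query parameter.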
Impact
Exploitation could give an authenticated Remote Access Server user read access to files outside the designated download directory. Because the server runs inside the VLC app's Android sandbox, the reachable files are generally limited to the app's own internal storage and its app-specific external storage, not arbitrary files on the device.
Remediation
Users can update to VLC for Android version 3.7.0 or later to address this vulnerability.