FastApiAdmin Unrestricted File Download Vulnerability

Vulnerability

A vulnerability allowing unrestricted file download has been identified in FastApiAdmin versions through 2.2.0. The issue resides in the download_controller function of the Download Endpoint, in the file controller.py. The vulnerability arises because the attacker-controlled file_path parameter is used without proper path sanitization or validation, allowing authenticated users with the appropriate permissions to access sensitive server files. This could lead to information disclosure and potential further attacks.
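As an added illustration (not FastApiAdmin's code), this is the containment check a download handler needs before serving a client-named file: the base directory, the function names and the temporary sample layout are assumptions made for this example, and the check is framework-agnostic, so a handler would call it before building its file response.

```python
import os
import tempfile
from pathlib import Path


class UnsafePathError(ValueError):
    """Raised when a requested download path escapes the allowed directory."""


def resolve_download_path(base_dir: str, file_path: str) -> Path:
    """Map client-supplied file_path onto a file inside base_dir, or refuse it."""
    base = Path(base_dir).resolve()
    requested = Path(file_path)
    if requested.is_absolute():  # '/etc/passwd' style input is never legitimate here
        raise UnsafePathError(f"absolute paths are not allowed: {file_path!r}")
    # resolve() collapses '..' and follows symlinks, so containment is checked on the real location
    target = (base / requested).resolve()
    try:
        target.relative_to(base)  # component-wise: '/base-old/x' is not under '/base'
    except ValueError:
        raise UnsafePathError(f"path escapes download directory: {file_path!r}") from None
    if target == base:
        raise UnsafePathError("a file name is required")
    return target


def is_safe_download(base_dir: str, file_path: str) -> bool:
    """True if resolve_download_path would accept the request, False if it refuses."""
    try:
        resolve_download_path(base_dir, file_path)
    except UnsafePathError:
        return False
    return True


def demo() -> dict:
    """Exercise the check against a throwaway layout constructed for this example."""
    with tempfile.TemporaryDirectory() as tmp:
        base, outside = Path(tmp, "uploads"), Path(tmp, "outside")
        base.mkdir()
        outside.mkdir()
        (base / "report.pdf").write_bytes(b"constructed sample file")
        (outside / "secret.txt").write_bytes(b"must never be served")
        os.symlink(outside / "secret.txt", base / "link.txt")  # symlink pointing outside base
        return {
            "plain_file": is_safe_download(str(base), "report.pdf"),
            "traversal": is_safe_download(str(base), "../outside/secret.txt"),
            "absolute": is_safe_download(str(base), str(outside / "secret.txt")),
            "symlink_escape": is_safe_download(str(base), "link.txt"),
        }
```

Only the plain file name is accepted; traversal, absolute paths and a symlink that points outside the base directory are all refused because the check runs on the resolved location rather than on the string the client sent.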

Impact

Exploitation of this vulnerability allows for unauthorized access to sensitive files on the server, such as the passwd file or private keys, which could be used for additional attacks.

Reproduction

To reproduce this vulnerability, send a POST request to the /api/v1/common/file/download endpoint with an absolute file path or a traversal payload in the file_path parameter. The request must include the module_common:file:download permission.

Remediation

No known mitigation is available.

Added: Feb 23, 2026, 7:21 AM
Updated: Feb 23, 2026, 7:21 AM

Vulnerability Rating (Custom Algorithm)

spread          0.0
impact          2.5
exploitability  6.6
remediation     0.0
relevance       3.1
threat          6.4
urgency         2.9
incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.