FileBrowser Quantum Password Protected Share Bypass Vulnerability

Vulnerability

A vulnerability in FileBrowser Quantum prior to versions 1.3.1-beta and 1.2.2-stable allows unauthorized access to password-protected shared files. The public API share info endpoint inadvertently exposes tokenized download URLs, and those URLs bypass the share's password protection. This flaw is present in versions 1.3.0-beta and 1.2.1-stable.

Impact

Exploitation of this vulnerability allows an unauthenticated attacker to access password-protected files without the required credentials, leading to unauthorized file access and a breach of confidentiality.

Reproduction

To reproduce this vulnerability, create a password-protected share as an authenticated user. Copy the public share URL and query the public share info endpoint. The response includes a tokenized download URL that acts as a bearer download capability. This URL can then be used to download the shared file directly, bypassing the password requirement.

Remediation

Users can update to FileBrowser Quantum versions 1.3.1-beta or 1.2.2-stable, both of which include the necessary fix for this vulnerability.
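
The flaw class described above, modelled as an added example (not FileBrowser Quantum's own code): a public info response that copies a bearer download URL, the gated version, and a regression check that searches the serialized response for the token. All type names, field names, the URL layout and the sample values are assumptions constructed for illustration.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
)

// Share is a hypothetical share record; all names and values are constructed.
type Share struct {
	Hash        string
	HasPassword bool
	Token       string // bearer secret: whoever holds it can download
}

// ShareInfo models the JSON body of a public, unauthenticated info endpoint.
type ShareInfo struct {
	Hash             string `json:"hash"`
	PasswordRequired bool   `json:"passwordRequired"`
	DownloadURL      string `json:"downloadURL,omitempty"`
}

// downloadURL builds the tokenized URL (constructed layout, not the real route).
func downloadURL(s Share) string { return "/example/download?share=" + s.Hash + "&token=" + s.Token }

// infoVulnerable mirrors the flaw: every caller receives the tokenized URL.
func infoVulnerable(s Share) ShareInfo {
	return ShareInfo{Hash: s.Hash, PasswordRequired: s.HasPassword, DownloadURL: downloadURL(s)}
}

// infoHardened releases the URL only for open shares or after password verification.
func infoHardened(s Share, passwordVerified bool) ShareInfo {
	info := ShareInfo{Hash: s.Hash, PasswordRequired: s.HasPassword}
	if !s.HasPassword || passwordVerified {
		info.DownloadURL = downloadURL(s)
	}
	return info
}

// leaksToken searches the serialized response for the secret in any field.
func leaksToken(s Share, info ShareInfo) bool {
	body, err := json.Marshal(info)
	return err == nil && bytes.Contains(body, []byte(s.Token))
}

func main() {
	s := Share{Hash: "abc123", HasPassword: true, Token: "tok-EXAMPLE-0001"}
	fmt.Println(leaksToken(s, infoVulnerable(s)), leaksToken(s, infoHardened(s, false))) // true false
}
```

Searching the raw response bytes for the token, rather than checking one named field, also catches a leak introduced later through a different field.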

Added: Mar 10, 2026, 6:56 PM
Updated: Mar 10, 2026, 6:56 PM

Vulnerability Rating

Custom Algorithm

Spread: 0.0
Impact: 0.6
Exploitability: 8.3
Remediation: 0.0
Relevance: 3.7
Threat: 6.4
Urgency: 2.9
Incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.