SiYuan Personal Knowledge Management System Global Copy Files API Path Traversal Vulnerability Allowing Sensitive File Exfiltration

Vulnerability

A vulnerability exists in SiYuan personal knowledge management system, specifically in versions 3.6.0 and prior. The issue arises in the globalCopyFiles API, which reads source files without proper workspace boundary checks. It relies on a path sensitivity check that omits critical directories such as /proc/, /run/secrets/, and home directory dotfiles. This oversight allows an admin to copy sensitive files, like Docker secrets or environment variables, into the workspace, where they can be accessed through the standard file API. The vulnerability has been patched in version 3.6.1.

Impact

Exploitation of this vulnerability allows for the exfiltration of any file that the SiYuan process can read, excluding those blocked by an incomplete path sensitivity blocklist. In containerized deployments, this includes all injected secrets and environment variables, a common method for passing credentials to containers. The exfiltrated files can be accessed via the standard workspace file API and remain until manually deleted.

Reproduction

To reproduce this vulnerability, an admin can use the globalCopyFiles API to copy files from /proc/1/environ or Docker secrets from /run/secrets/ into the workspace. This can be done by sending a POST request to the globalCopyFiles API endpoint with the paths of the files to be copied and the destination directory in the workspace. After the files are copied, they can be accessed through the standard file API.

Remediation

Users can update to SiYuan version 3.6.1, where this vulnerability has been fixed.
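The missing control is a positive workspace-boundary check on every source path rather than a blocklist of sensitive locations. The following Go code is an added illustration of that check (it is not SiYuan's code and not the 3.6.1 fix); the names ResolveInsideWorkspace and CheckCopySource are hypothetical, root is assumed to be absolute, and a relative source path is assumed to be workspace-relative.

```go
package main

import (
	"errors"
	"path/filepath"
	"strings"
)

// ErrOutsideWorkspace is returned when a source path does not lie under the workspace root.
var ErrOutsideWorkspace = errors.New("source path resolves outside the workspace")

// ResolveInsideWorkspace is a purely lexical check: root must be absolute, a relative
// candidate is taken as workspace-relative (assumption of this example), and the cleaned
// candidate is rejected if its path relative to root climbs out with "..". No filesystem access.
func ResolveInsideWorkspace(root, candidate string) (string, error) {
	root = filepath.Clean(root)
	if !filepath.IsAbs(candidate) {
		candidate = filepath.Join(root, candidate)
	}
	candidate = filepath.Clean(candidate)
	rel, err := filepath.Rel(root, candidate)
	if err != nil {
		return "", err // e.g. a different volume on Windows: not inside
	}
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrOutsideWorkspace
	}
	return candidate, nil
}

// CheckCopySource is what a copy endpoint should run on each source before reading it:
// lexical check, then symlink resolution of both root and the (existing) candidate, then
// the lexical check again on the resolved paths. A symlink inside the workspace that
// points at /proc or /run/secrets passes the first check and fails the second.
func CheckCopySource(root, candidate string) (string, error) {
	lexical, err := ResolveInsideWorkspace(root, candidate)
	if err != nil {
		return "", err
	}
	realRoot, err := filepath.EvalSymlinks(root)
	if err != nil {
		return "", err
	}
	resolved, err := filepath.EvalSymlinks(lexical)
	if err != nil {
		return "", err
	}
	return ResolveInsideWorkspace(realRoot, resolved)
}
```

A blocklist approach fails open for every path it does not name; this check fails closed for everything that does not resolve under the workspace.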

Added: Mar 19, 2026, 9:32 PM
Updated: Mar 19, 2026, 9:32 PM

Vulnerability Rating

Custom Algorithm
spread: 0.3
impact: 4.0
exploitability: 5.8
remediation: 7.7
relevance: 4.1
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.