SiYuan Personal Knowledge Management System Unvalidated Path Vulnerability in Import API

Vulnerability

A vulnerability exists in the SiYuan personal knowledge management system, affecting versions up to and including 3.6.0. The issue arises in the POST /api/import/importStdMd endpoint, where the localPath parameter is passed to the model.ImportFromLocalPath function without any path validation. Because the path is not validated, the function recursively reads every file under the specified path and permanently saves their contents as SiYuan note documents in the workspace database. These notes become searchable and accessible to all users in the workspace. The imported data remains in the database after restarts and can be accessed by Publish Service Reader accounts. According to the advisory, an admin user can exploit this to import sensitive files, which a non-admin user can then access through a chained SQL injection attack.

Impact

An admin can import the contents of any readable host directory into the SiYuan workspace as searchable notes, with no restrictions on sensitive paths. This data is stored in the workspace database, survives restarts, and is accessible to Publish Service Reader accounts. Additionally, a non-admin user can exploit a related SQL injection vulnerability to access all imported sensitive information without needing extra privileges.

Reproduction

To reproduce this vulnerability, an admin user can create a notebook and use the vulnerable import API to upload files from any readable directory, including sensitive paths like '/proc/1' and '/run/secrets'. After the import, the admin can exploit the SQL injection vulnerability to access the imported data as a non-admin user.

Remediation

Users can upgrade to SiYuan version 3.6.1, which addresses this vulnerability by implementing proper path validation in the import API.
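As an added illustration of the kind of path validation the fix calls for (example code written for this page, not SiYuan's own implementation; the configured import root, the function names and the policy of anchoring relative paths at that root are assumptions), the following Go helper rejects a localPath that resolves outside an allowed import root, including traversal with ".." and symlinks that point out of the root:

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrOutsideRoot is returned when a requested path escapes the import root.
var ErrOutsideRoot = errors.New("import path resolves outside the allowed root")

// WithinRoot reports whether the cleaned absolute path p equals root or lies
// beneath it. It is lexical only, so callers resolve symlinks first. A plain
// string-prefix test would accept "/data/importer" for root "/data/import";
// filepath.Rel avoids that.
func WithinRoot(root, p string) bool {
	rel, err := filepath.Rel(root, p)
	if err != nil {
		return false
	}
	return rel == "." || (rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator)))
}

// ResolveImportPath validates a user-supplied localPath, as the import
// endpoint would receive it, against an administrator-configured root
// (assumed policy). Relative paths are anchored at the root rather than the
// process cwd, and symlinks are resolved on both sides so a link pointing
// outside the root is rejected. The canonical path is returned for the importer.
func ResolveImportPath(root, localPath string) (string, error) {
	absRoot, err := filepath.Abs(root)
	if err != nil {
		return "", err
	}
	realRoot, err := filepath.EvalSymlinks(absRoot)
	if err != nil {
		return "", fmt.Errorf("import root: %w", err)
	}
	if !filepath.IsAbs(localPath) {
		localPath = filepath.Join(realRoot, localPath)
	}
	realPath, err := filepath.EvalSymlinks(filepath.Clean(localPath))
	if err != nil {
		return "", fmt.Errorf("import path: %w", err)
	}
	if !WithinRoot(realRoot, realPath) {
		return "", ErrOutsideRoot
	}
	return realPath, nil
}
```

EvalSymlinks also fails for paths that do not exist, so a nonexistent import target is reported as an error rather than silently passed on to the importer.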

Added: Mar 19, 2026, 10:26 PM
Updated: Mar 19, 2026, 10:26 PM

Vulnerability Rating

Custom Algorithm

spread: 0.3
impact: 4.0
exploitability: 5.8
remediation: 7.7
relevance: 4.1
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.