FileRise Missing Authentication Vulnerability in Share Link Deletion Endpoint Allowing Denial-of-Service
Vulnerability
A missing authentication vulnerability has been identified in FileRise, a self-hosted web file manager and WebDAV server, in versions prior to 3.8.0. The vulnerability exists in the deleteShareLink endpoint, where any unauthenticated user can delete arbitrary file share links by simply providing the share token. This deletion process is executed without any authentication, authorization, or Cross-Site Request Forgery (CSRF) validation, leading to a denial-of-service condition for shared file access. The issue has been fixed in version 3.8.0.
Impact
Exploitation of this vulnerability allows any unauthenticated user to delete file share links, causing a denial-of-service condition for users who rely on those links to access shared files. Exploitation could be automated to delete all active share links.
Reproduction
The vulnerability can be reproduced by sending a POST request to the /api/file/deleteShareLink.php endpoint with a valid share token. This can be done without any authentication or CSRF token, allowing the deletion of the share link associated with the token.
Remediation
Users are advised to update to FileRise version 3.8.0, which requires authentication and admin privileges for share link deletion, along with a valid CSRF token.
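For instances that ran a version prior to 3.8.0, access logs can be reviewed for the request described under Reproduction. The following Python code is an added example, not part of the original advisory or of FileRise; it assumes the web server writes Combined Log Format, treats a 2xx status as a processed request, and uses constructed sample lines and a hypothetical burst threshold.

```python
import re
from collections import Counter

ENDPOINT = "/api/file/deleteShareLink.php"  # endpoint path named in the advisory

# Assumed format: ip ident user [time] "METHOD path proto" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def find_delete_requests(lines, burst_threshold=3):
    """Return (hits, bursty_ips) for POSTs to the share link deletion endpoint.

    hits lists every matching request; bursty_ips lists sources with at least
    burst_threshold processed (2xx) requests, the pattern that automated
    deletion of many share links would leave behind.
    """
    hits, accepted = [], Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Compare the path without any query string.
        if m["path"].split("?", 1)[0] != ENDPOINT:
            continue
        status = int(m["status"])
        hits.append({"ip": m["ip"], "ts": m["ts"], "status": status})
        if 200 <= status < 300:  # assumption: 2xx means the request was processed
            accepted[m["ip"]] += 1
    bursty = sorted(ip for ip, n in accepted.items() if n >= burst_threshold)
    return hits, bursty

def _line(ip, second, method, path, status):
    # Builds one constructed Combined Log Format line (not real traffic).
    return (f'{ip} - - [01/Jan/2025:10:00:{second:02d} +0000] '
            f'"{method} {path} HTTP/1.1" {status} 0 "-" "-"')

# Constructed sample using documentation address ranges and made-up statuses.
SAMPLE_LOG = [
    _line("198.51.100.7", 1, "GET", ENDPOINT, 405),
    _line("203.0.113.20", 2, "POST", ENDPOINT, 200),
    _line("203.0.113.20", 3, "POST", ENDPOINT, 200),
    _line("203.0.113.20", 4, "POST", ENDPOINT, 200),
    _line("192.0.2.10", 5, "POST", ENDPOINT, 200),
    _line("192.0.2.10", 6, "GET", "/index.html", 200),
    _line("198.51.100.7", 7, "POST", ENDPOINT, 403),
]

if __name__ == "__main__":
    hits, bursty = find_delete_requests(SAMPLE_LOG)
    print(f"{len(hits)} deletion requests; bursty sources: {bursty}")
```

Because the affected versions performed no authentication on this endpoint, each processed hit should be compared against the share links that administrators or owners expected to remove.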
