FileRise Snippet Endpoint Authorization Flaw Allowing Unauthorized File Content Access
Vulnerability
An authorization vulnerability has been identified in FileRise, a self-hosted web-based file manager, affecting versions 2.3.7 prior to 3.10.0. The issue arises in the file snippet endpoint '/api/file/snippet.php', where an authenticated user with 'read_own' access can retrieve snippet content from files uploaded by other users in the same folder. The endpoint does not enforce proper ownership checks, allowing unauthorized access to file contents.
Impact
This vulnerability allows authenticated users with limited 'read_own' permissions to access and read partial snippets from files belonging to other users within the same folder, violating user isolation and potentially exposing sensitive information.
Reproduction
To reproduce this vulnerability, an authenticated user (User A) with 'read_own' permission in a folder must request a snippet from a file uploaded by another user (User B) in the same folder. The server will respond with a snippet from User B's file, demonstrating the unauthorized access.
Remediation
Users can update to FileRise version 3.11.0, which addresses this vulnerability by enforcing proper ownership checks in the snippet endpoint, ensuring that 'read_own' users can only access their own files.
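The difference between a folder-level grant check and the per-file ownership check described above, as an added PHP example that is not FileRise's own code. The function names, the 'read_all' grant, and the sample users, files and data layout are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data (hypothetical layout, not FileRise's storage format).
$acl = ['shared' => ['alice' => ['read_own'], 'bob' => ['read_own'], 'carol' => ['read_all']]];
$meta = [
    'shared/alice-notes.txt' => ['uploader' => 'alice'],
    'shared/bob-payroll.csv' => ['uploader' => 'bob'],
];

// Flawed pattern: any read-type grant on the folder is accepted, and the
// requested file is never compared against the caller.
function canReadSnippetVulnerable(array $acl, string $user, string $folder): bool
{
    $grants = $acl[$folder][$user] ?? [];
    return in_array('read_all', $grants, true) || in_array('read_own', $grants, true);
}

// Corrected pattern: 'read_own' only authorizes files the caller uploaded.
function canReadSnippetFixed(array $acl, array $meta, string $user, string $folder, string $file): bool
{
    $grants = $acl[$folder][$user] ?? [];
    if (in_array('read_all', $grants, true)) {
        return true;  // hypothetical full-folder read grant
    }
    if (!in_array('read_own', $grants, true)) {
        return false; // no grant on this folder at all
    }
    // Fail closed: a file with no recorded uploader is not readable via 'read_own'.
    $owner = $meta[$folder . '/' . $file]['uploader'] ?? null;
    return $owner !== null && $owner === $user;
}

// Compare both decisions for own file, another user's file, a full-read user,
// and a file with missing ownership metadata.
$cases = [
    ['alice', 'alice-notes.txt'],
    ['alice', 'bob-payroll.csv'],
    ['carol', 'bob-payroll.csv'],
    ['alice', 'untracked.bin'],
];
foreach ($cases as [$user, $file]) {
    printf("%-6s %-16s vulnerable=%-5s fixed=%s\n", $user, $file,
        var_export(canReadSnippetVulnerable($acl, $user, 'shared'), true),
        var_export(canReadSnippetFixed($acl, $meta, $user, 'shared', $file), true));
}
```

The same four cases make a useful regression test after upgrading: the two decisions should differ only where a 'read_own' user requests a file they did not upload or one with no recorded uploader.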
