SiYuan Personal Knowledge Management System Arbitrary Document Reading Vulnerability

Vulnerability

A vulnerability allowing arbitrary document reading has been identified in the SiYuan personal knowledge management system, specifically in version 3.6.1 prior to 3.6.2. Document IDs are exposed through the /api/file/readDir interface, and those IDs can then be passed to the /api/block/getChildBlocks interface to retrieve the content of all documents. This could lead to unauthorized access to encrypted or restricted documents within the publishing service.

Impact

Exploitation of this vulnerability allows for unauthorized reading of all encrypted or prohibited documents under the publishing service.

Reproduction

To reproduce this vulnerability, first retrieve document IDs using the /api/file/readDir interface. Once the document IDs are obtained, use the /api/block/getChildBlocks interface to access the content of the documents. A proof-of-concept script is available that automates this process by sending a POST request to the /api/block/getChildBlocks API with the specified document ID.
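For defenders reviewing an instance that was exposed before the update, the call sequence above can be hunted for in proxy logs. The following is an added example, not part of the original advisory or the SiYuan project; it assumes a reverse proxy in front of the publishing service that writes common-log-format lines, and the sample log, the function name `find_enumeration`, the time window and the threshold are all constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: reverse-proxy access log (common log format) in front of
# a SiYuan publishing service. Addresses and timestamps are made up.
SAMPLE_LOG = """\
198.51.100.7 - - [26/Mar/2026:21:58:01 +0000] "POST /api/file/readDir HTTP/1.1" 200 812
198.51.100.7 - - [26/Mar/2026:21:58:03 +0000] "POST /api/block/getChildBlocks HTTP/1.1" 200 4096
198.51.100.7 - - [26/Mar/2026:21:58:04 +0000] "POST /api/block/getChildBlocks HTTP/1.1" 200 3911
198.51.100.7 - - [26/Mar/2026:21:58:05 +0000] "POST /api/block/getChildBlocks HTTP/1.1" 200 5120
203.0.113.20 - - [26/Mar/2026:22:01:10 +0000] "POST /api/block/getChildBlocks HTTP/1.1" 200 2048
203.0.113.20 - - [26/Mar/2026:22:05:00 +0000] "GET / HTTP/1.1" 200 1500
192.0.2.44 - - [26/Mar/2026:22:10:00 +0000] "POST /api/file/readDir HTTP/1.1" 403 120
192.0.2.44 - - [26/Mar/2026:22:10:02 +0000] "POST /api/block/getChildBlocks HTTP/1.1" 403 120
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_enumeration(log_text, window=timedelta(minutes=5), min_reads=2):
    """Return {client_ip: count} of getChildBlocks calls that followed a
    readDir call from the same client within `window`."""
    last_listing = {}          # ip -> time of that client's latest readDir
    hits = defaultdict(int)    # ip -> getChildBlocks calls after a listing
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        # Assumption: the proxy logs a non-2xx status for rejected requests,
        # so only 2xx POSTs are treated as calls that returned data.
        if not m or m["method"] != "POST" or not m["status"].startswith("2"):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        path = m["path"].split("?", 1)[0]
        if path == "/api/file/readDir":
            last_listing[m["ip"]] = ts
        elif path == "/api/block/getChildBlocks":
            start = last_listing.get(m["ip"])
            if start is not None and ts - start <= window:
                hits[m["ip"]] += 1
    return {ip: n for ip, n in hits.items() if n >= min_reads}

if __name__ == "__main__":
    for ip, n in find_enumeration(SAMPLE_LOG).items():
        print(f"{ip}: readDir followed by {n} getChildBlocks calls")
```

Access logs normally do not record POST bodies, so this flags the request pattern per client rather than the specific document IDs that were read.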

Remediation

Users are advised to update to SiYuan version 3.6.2, which addresses this vulnerability.

Added: Mar 26, 2026, 10:30 PM
Updated: Mar 26, 2026, 10:30 PM

Vulnerability Rating

Custom Algorithm

spread: 0.3
impact: 2.5
exploitability: 9.1
remediation: 7.7
relevance: 4.7
threat: 6.4
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.