SiYuan Knowledge Management System Publish Service Bookmark API Access Control Vulnerability

Vulnerability

A broken access control vulnerability has been identified in SiYuan, a personal knowledge management system, prior to version 3.6.2. The issue allows unauthenticated visitors to the publish service to access bookmarked blocks from password-protected documents. The vulnerability arises because the publish service's bookmark API does not apply the password check that protects the documents themselves, so content from protected documents is returned to visitors who have never entered the password.

Impact

Exploitation of this vulnerability allows unauthorized access to bookmarked content from password-protected documents, breaking the confidentiality guarantee of the protected publish access level. The exposure is direct: a single request to the bookmark API returns the protected blocks, and no knowledge of the document password is required.

Reproduction

To reproduce this vulnerability, create a password-protected document in SiYuan and bookmark a block containing identifiable content. Open the publish service in an incognito session without entering the document password, and send a POST request to the bookmark API. The response will include the bookmarked block from the protected document, confirming the access-control bypass.
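
The check the advisory describes as missing, shown as an added Go example that is not SiYuan's own code: a publish-service bookmark listing in its flawed form (no protection check at all) beside a corrected form that hides blocks from password-protected documents unless the visitor's session has unlocked them. The endpoint path, the `X-Unlocked-Doc` header standing in for real session state, and every block and document identifier are constructed for this example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Block is a bookmarked block as a publish-service bookmark listing might return it.
type Block struct {
	ID      string `json:"id"`
	DocID   string `json:"docId"`
	Content string `json:"content"`
}

// Store is the hypothetical backing data: every bookmarked block plus the set of
// documents that carry a password in the publish service.
type Store struct {
	Bookmarks    []Block
	ProtectedDoc map[string]bool
}

// Session records which protected documents this visitor has already unlocked
// by entering the document password.
type Session struct {
	Unlocked map[string]bool
}

// listBookmarksUnchecked reproduces the flawed behaviour the advisory describes:
// the bookmark listing ignores document protection entirely.
func listBookmarksUnchecked(s *Store, _ *Session) []Block {
	return append([]Block(nil), s.Bookmarks...)
}

// listBookmarksChecked applies the same decision the document view applies: a
// block from a password-protected document is returned only when the current
// session has unlocked that document.
func listBookmarksChecked(s *Store, sess *Session) []Block {
	out := []Block{}
	for _, b := range s.Bookmarks {
		if s.ProtectedDoc[b.DocID] && !sess.Unlocked[b.DocID] {
			continue // protected and not unlocked in this session: hide it
		}
		out = append(out, b)
	}
	return out
}

// bookmarkHandler exposes a listing function as a POST endpoint. The unlocked
// set is read from a constructed "X-Unlocked-Doc" header purely so the example
// stays self-contained; a real service derives it from its session store.
func bookmarkHandler(s *Store, list func(*Store, *Session) []Block) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Method != http.MethodPost {
			http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
			return
		}
		sess := &Session{Unlocked: map[string]bool{}}
		for _, id := range r.Header.Values("X-Unlocked-Doc") {
			sess.Unlocked[id] = true
		}
		w.Header().Set("Content-Type", "application/json")
		_ = json.NewEncoder(w).Encode(list(s, sess))
	})
}

// fetchBookmarks drives a handler in-process as an anonymous visitor (no
// arguments) or as a visitor who has unlocked the given documents.
func fetchBookmarks(h http.Handler, unlocked ...string) ([]Block, error) {
	req := httptest.NewRequest(http.MethodPost, "/publish/bookmarks", nil) // constructed path
	for _, id := range unlocked {
		req.Header.Add("X-Unlocked-Doc", id)
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	if rec.Code != http.StatusOK {
		return nil, fmt.Errorf("unexpected status %d", rec.Code)
	}
	var blocks []Block
	if err := json.NewDecoder(rec.Body).Decode(&blocks); err != nil {
		return nil, err
	}
	return blocks, nil
}

// sampleStore builds constructed data: one public document and one
// password-protected document, each with a bookmarked block.
func sampleStore() *Store {
	return &Store{
		Bookmarks: []Block{
			{ID: "blk-public-1", DocID: "doc-public", Content: "public note"},
			{ID: "blk-secret-1", DocID: "doc-secret", Content: "CANARY-protected-content"},
		},
		ProtectedDoc: map[string]bool{"doc-secret": true},
	}
}

func main() {
	store := sampleStore()
	for _, v := range []struct {
		name string
		list func(*Store, *Session) []Block
	}{{"unchecked", listBookmarksUnchecked}, {"checked", listBookmarksChecked}} {
		blocks, _ := fetchBookmarks(bookmarkHandler(store, v.list))
		fmt.Printf("%-9s anonymous visitor sees %d block(s): %v\n", v.name, len(blocks), blocks)
	}
}
```

The point of the corrected form is that the bookmark listing reuses the same per-document decision the document view makes, rather than carrying its own notion of what is visible. Any secondary endpoint that aggregates content across documents (bookmarks, search, backlinks, tag listings) needs the same filter, and a regression test like the anonymous-visitor check above is the cheapest way to keep it from silently disappearing.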

Remediation

Users should update to SiYuan version 3.6.2, which addresses this vulnerability.

Added: Apr 1, 2026, 12:08 AM
Updated: Apr 1, 2026, 12:08 AM

Vulnerability Rating

Custom Algorithm
spread: 0.3
impact: 0.6
exploitability: 8.7
remediation: 7.7
relevance: 5.0
threat: 6.5
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.