Cloudreve
cpe:2.3:a:cloudreve:cloudreve:*:*:*:*:*:*:*
- < 4.16.0
A path traversal vulnerability has been identified in Cloudreve WebDAV accounts prior to version 4.16.1. The issue arises because the WebDAV request handler does not properly validate the request paths before joining them with the account's root directory. This flaw allows a WebDAV account rooted in a specific folder to access files outside of that folder. Additionally, if the WebDAV account has writable credentials, it can create, overwrite, move, or delete files outside the designated directory. The vulnerability is contained within the same user's namespace and does not affect other users' files or the operating system's filesystem.
Exploitation of this vulnerability allows a WebDAV account to bypass directory restrictions, accessing and manipulating files outside the scoped directory. This undermines the purpose of scoped WebDAV accounts, which is to provide limited access to files.
The vulnerability can be reproduced by sending a WebDAV request that includes a path traversal sequence, such as '..', encoded as '%2e%2e', or using double encoding to bypass path validation. This can be done using a tool like curl, with the request path specified as a raw path to ensure it is not altered by the HTTP client.
Users are advised to update to Cloudreve version 4.16.1 or later, where this vulnerability has been fixed.
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.