PaperCut MF Shared Account Synchronization Path Traversal Vulnerability Allowing Unauthorized File Access

Vulnerability

A path traversal vulnerability has been identified in the Shared Account Synchronization component of PaperCut MF version 25.0.4. The component lets administrative users specify an arbitrary path on the local file system as the source file for account data synchronization. Because the supplied path is not adequately validated or sanitized, an administrator can point the synchronization at sensitive text-based configuration or system files that the feature was never intended to read. When synchronization runs, the application parses the contents of the specified file and displays the parsed data in the account management interface, disclosing it to the administrator. How much can be read depends on the permissions of the service account under which the application is running.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive system information or configuration details, depending on the permissions of the service account under which the application is running.

Remediation

Users are advised to upgrade to PaperCut MF version 25.0.11 or later. After upgrading, review the 'security.shared-account-sync.allowed-directory-list' configuration key to ensure it is restricted to authorized directories only. For new installations of version 25.0.11 and later, this setting is configured in its most restrictive state by default.
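The fix described above restricts the synchronization source to an allowed-directory list. The following Python snippet is an added illustration of how such an allowlist check is normally implemented; it is not PaperCut's code, and the directory names, file names and file contents it builds in a temporary directory are constructed for the demonstration. It canonicalizes the requested path (collapsing '..' and following symlinks) before testing, component by component, whether the result lies inside an allowed directory, which is what defeats the traversal, symlink and look-alike-prefix cases that a naive string prefix comparison would miss.

```python
import tempfile
from pathlib import Path


def is_path_allowed(requested: str, allowed_dirs) -> bool:
    """Accept `requested` only if it resolves (symlinks followed, '..'
    collapsed) to an existing regular file inside one of `allowed_dirs`.

    The comparison is component-wise on canonical paths, so:
      - 'sync/../secret.conf' resolves outside 'sync' and is rejected;
      - a symlink inside 'sync' that points outside it is rejected;
      - a sibling 'sync-evil' directory is rejected even though its name
        starts with the allowed directory's name.
    """
    try:
        target = Path(requested).resolve(strict=True)
    except (OSError, RuntimeError):  # missing file, broken symlink, loop
        return False
    if not target.is_file():          # directories, devices etc. are not sync sources
        return False
    for base in allowed_dirs:
        base_resolved = Path(base).resolve()
        try:
            target.relative_to(base_resolved)  # raises ValueError if not under base
            return True
        except ValueError:
            continue
    return False


def demo():
    """Build a constructed layout in a temp dir and evaluate representative
    requests against an allowlist containing only the 'sync' directory.
    Returns a mapping of case label -> whether the request was accepted."""
    root = Path(tempfile.mkdtemp(prefix="sync-demo-"))
    allowed = root / "sync"            # the one allowed directory
    lookalike = root / "sync-evil"     # shares a string prefix with 'sync'
    allowed.mkdir()
    lookalike.mkdir()
    (allowed / "accounts.txt").write_text("dept-a,100\ndept-b,200\n")
    (lookalike / "accounts.txt").write_text("not an allowed source\n")
    secret = root / "secret.conf"      # constructed stand-in for a sensitive file
    secret.write_text("db.password=constructed-sample\n")

    link = allowed / "link.txt"        # symlink inside the allowed tree, pointing out
    try:
        link.symlink_to(secret)
        have_link = True
    except (OSError, NotImplementedError):
        have_link = False              # platform without symlink support

    allowed_dirs = [str(allowed)]
    results = {
        "inside_allowed": is_path_allowed(str(allowed / "accounts.txt"), allowed_dirs),
        "dotdot_escape": is_path_allowed(str(allowed / ".." / "secret.conf"), allowed_dirs),
        "prefix_lookalike": is_path_allowed(str(lookalike / "accounts.txt"), allowed_dirs),
        "absolute_outside": is_path_allowed(str(secret), allowed_dirs),
        "directory_not_file": is_path_allowed(str(allowed), allowed_dirs),
        "missing_file": is_path_allowed(str(allowed / "nope.txt"), allowed_dirs),
    }
    if have_link:
        results["symlink_escape"] = is_path_allowed(str(link), allowed_dirs)
    return results


if __name__ == "__main__":
    for label, accepted in demo().items():
        print(f"{label:20s} {'accepted' if accepted else 'rejected'}")
```

Only the request for a regular file directly under the allowed directory is accepted; every escape variant, the directory itself and a missing file are rejected. The same idea applies to an operator reviewing the 'security.shared-account-sync.allowed-directory-list' key after upgrading: the value should name only the directories that actually hold sync source files, not a broad parent such as the application or system root.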

Added: May 5, 2026, 7:18 AM
Updated: May 5, 2026, 7:18 AM

Vulnerability Rating

Custom Algorithm
spread: 5.7
impact: 0.8
exploitability: 4.4
remediation: 8.3
relevance: 7.5
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.