GHSA-j6jp-78w8-34x6

Published: 13 Mar 2026
Source: github
GitHub: reviewed
CVSS3: 4.1

Description

Gokapi vulnerable to Privilege Escalation in File Replace

Summary

An insufficient authorization check in the file replace API allows a user with only list visibility permission (UserPermListOtherUploads) to delete another user's file by abusing the deleteNewFile flag, bypassing the requirement for UserPermDeleteOtherUploads.

Impact

Any authenticated user with PERM_REPLACE (replace own files) and PERM_LIST (view other users' uploads) can delete any other user's file without needing PERM_DELETE.
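The following Go snippet is an added illustration of the authorization gap the advisory describes, not code from the Gokapi project. The permission constants (PermReplace, PermList, PermDelete), the User and File types and the AuthorizeReplace* functions are hypothetical stand-ins for the server's real model; the flag is named deleteSource here to match its role (the advisory's deleteNewFile). The vulnerable check only asks whether the caller owns the target and can see the source file; the fixed check additionally treats "delete the source" as a delete on another user's upload when the source is not the caller's own, which is the general rule: every side effect of a request must be authorized by the permission that side effect would normally need.

```go
package main

import (
	"errors"
	"fmt"
)

// Perm is a hypothetical permission bitmask. The constant names are
// assumptions chosen to mirror the advisory's PERM_REPLACE / PERM_LIST /
// PERM_DELETE wording; they are not Gokapi's real identifiers.
type Perm uint8

const (
	PermReplace Perm = 1 << iota // replace one's own files
	PermList                     // list (see) other users' uploads
	PermDelete                   // delete other users' uploads
)

// User and File are minimal stand-ins for the server's account and upload records.
type User struct {
	ID    int
	Perms Perm
}

type File struct {
	ID      string
	OwnerID int
}

var ErrForbidden = errors.New("forbidden")

func (u User) Has(p Perm) bool { return u.Perms&p == p }

// AuthorizeReplaceVulnerable models the flawed check: the caller must own the
// target and must be able to see the source file, but the deleteSource flag is
// never weighed against the caller's delete permission, so a user holding only
// PermReplace and PermList can have another user's file removed.
func AuthorizeReplaceVulnerable(u User, target, source File, deleteSource bool) error {
	if !u.Has(PermReplace) || target.OwnerID != u.ID {
		return fmt.Errorf("%w: caller may only replace its own files", ErrForbidden)
	}
	if source.OwnerID != u.ID && !u.Has(PermList) {
		return fmt.Errorf("%w: source file not visible to caller", ErrForbidden)
	}
	return nil // deleteSource is not inspected: this is the missing check
}

// AuthorizeReplaceFixed adds the missing step: deleting a source file owned by
// someone else is a delete on another user's upload and needs PermDelete,
// regardless of which endpoint the request arrived through.
func AuthorizeReplaceFixed(u User, target, source File, deleteSource bool) error {
	if err := AuthorizeReplaceVulnerable(u, target, source, deleteSource); err != nil {
		return err
	}
	if deleteSource && source.OwnerID != u.ID && !u.Has(PermDelete) {
		return fmt.Errorf("%w: deleting another user's upload requires delete permission", ErrForbidden)
	}
	return nil
}

func main() {
	// Constructed sample data: an account with list+replace rights and a
	// file owned by a different account.
	caller := User{ID: 1, Perms: PermReplace | PermList}
	own := File{ID: "own-file", OwnerID: 1}
	other := File{ID: "someone-elses-file", OwnerID: 2}

	fmt.Println("vulnerable:", AuthorizeReplaceVulnerable(caller, own, other, true))
	fmt.Println("fixed:     ", AuthorizeReplaceFixed(caller, own, other, true))
}
```

Running main prints `<nil>` for the vulnerable check and a `forbidden: ...` error for the fixed one on the same input; the fixed check still permits a plain replace (deleteSource false) and a caller that actually holds PermDelete.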

Packages

Name: github.com/forceu/gokapi
Ecosystem: go
Affected versions: <= 2.2.3
Fixed version: 2.2.4

EPSS

Percentile: 1%
0.00009
Low

4.1 Medium

CVSS3

Weaknesses

CWE-863

Related vulnerabilities

CVSS3: 4.1
nvd
28 days ago

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, an insufficient authorization check in the file replace API allows a user with only list visibility permission (UserPermListOtherUploads) to delete another user's file by abusing the deleteNewFile flag, bypassing the requirement for UserPermDeleteOtherUploads. This vulnerability is fixed in 2.2.4.

EPSS

Percentile: 1%
0.00009
Low

4.1 Medium

CVSS3

Weaknesses

CWE-863