Описание
Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to version 1.7.2, the raw and direct file routes only block unauthenticated users from accessing private files. Any authenticated, non‑owner user who knows the file URL can retrieve the content, which is inconsistent with stricter checks used by other endpoints. This issue has been patched in version 1.7.2.
A flaw was found in Flare, a self-hostable file sharing platform. An authenticated user, who is not the owner of a private file, can access and retrieve the content of that file by knowing its URL and using the raw and direct file routes. This is due to inconsistent access control checks compared to other endpoints, leading to unauthorized information disclosure.
Отчет
This MODERATE vulnerability in Flare allows authenticated users to retrieve private files owned by others via raw and direct file routes. These endpoints only check for authentication, not ownership, creating an authorization bypass. Impact is high confidentiality loss since full file contents are exposed, but requires valid authentication and knowledge of the file URL.
Дополнительная информация
Статус:
EPSS
6.5 Medium
CVSS3
Связанные уязвимости
Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to version 1.7.2, the raw and direct file routes only block unauthenticated users from accessing private files. Any authenticated, non‑owner user who knows the file URL can retrieve the content, which is inconsistent with stricter checks used by other endpoints. This issue has been patched in version 1.7.2.
EPSS
6.5 Medium
CVSS3