Impact
The cloudstore.file.upload action in server/actions/action_cloudstore_file_upload.go writes user-supplied filenames directly to disk without proper validation.
This allows unauthenticated attackers to perform path traversal and zip slip attacks, leading to arbitrary file write and potential remote code execution.
CVSS Score: 10.0 Critical
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H
CWE: CWE-22 (Path Traversal)
Patches
Upgrade to a patched version once released. The vulnerability affects all versions <= v0.11.3 (latest).
Workarounds
Restrict access to the cloudstore.file.upload action through authentication and authorization controls until a patch is available.
References
Impact
The
cloudstore.file.uploadaction inserver/actions/action_cloudstore_file_upload.gowrites user-supplied filenames directly to disk without proper validation.This allows unauthenticated attackers to perform path traversal and zip slip attacks, leading to arbitrary file write and potential remote code execution.
CVSS Score: 10.0 Critical
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H
CWE: CWE-22 (Path Traversal)
Patches
Upgrade to a patched version once released. The vulnerability affects all versions <= v0.11.3 (latest).
Workarounds
Restrict access to the cloudstore.file.upload action through authentication and authorization controls until a patch is available.
References