GHSA-2P2X-P7WJ-J5H2
Vulnerability from github – Published: 2024-04-05 17:15 – Updated: 2024-04-09 18:47Summary
The absence of restrictions on the endpoint, which is designed for uploading files, allows an attacker who received the id of a file distribution to change the files that are in this distribution.
Details
Vulnerable endpoint: PATCH /files/{{id}}
PoC
-
Create a file distribution.
-
Go to the link address for downloading files and download the file (in this case, the attacker receives the file id from the download request).
-
Send a PATCH /files/{{id}} request with arbitrary content in the request body.
Thus, the file with the specified id will be changed. What the attacker specifies in the body of the request will be added to the end of the original content. In the future, users will download the modified file.
Impact
The vulnerability allows an attacker to influence those users who come to the file distribution after him and slip the victim files with a malicious or phishing signature.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "psitransfer"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.2.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-31454"
],
"database_specific": {
"cwe_ids": [
"CWE-434"
],
"github_reviewed": true,
"github_reviewed_at": "2024-04-05T17:15:27Z",
"nvd_published_at": "2024-04-09T18:15:10Z",
"severity": "MODERATE"
},
"details": "### Summary\nThe absence of restrictions on the endpoint, which is designed for uploading files, allows an attacker who received the id of a file distribution to change the files that are in this distribution.\n\n### Details\nVulnerable endpoint: PATCH /files/{{id}}\n\n### PoC\n1. Create a file distribution.\n\n2. Go to the link address for downloading files and download the file (in this case, the attacker receives the file id from the download request).\n\n3. Send a PATCH /files/{{id}} request with arbitrary content in the request body.\n\nThus, the file with the specified id will be changed. What the attacker specifies in the body of the request will be added to the end of the original content. In the future, users will download the modified file.\n\n### Impact\nThe vulnerability allows an attacker to influence those users who come to the file distribution after him and slip the victim files with a malicious or phishing signature.",
"id": "GHSA-2p2x-p7wj-j5h2",
"modified": "2024-04-09T18:47:05Z",
"published": "2024-04-05T17:15:27Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/psi-4ward/psitransfer/security/advisories/GHSA-2p2x-p7wj-j5h2"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31454"
},
{
"type": "WEB",
"url": "https://github.com/psi-4ward/psitransfer/commit/0014d81141e0f1664ccb6841970ef1ea0237cca3"
},
{
"type": "PACKAGE",
"url": "https://github.com/psi-4ward/psitransfer"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "PsiTransfer: File integrity violation"
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.