GHSA-xg8v-m2mh-45m6

Source

https://github.com/advisories/GHSA-xg8v-m2mh-45m6

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/04/GHSA-xg8v-m2mh-45m6/GHSA-xg8v-m2mh-45m6.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-xg8v-m2mh-45m6

Aliases

CVE-2024-31453

Related

CVE-2024-31453

Published

2024-04-05T17:15:24Z

Modified

2024-04-10T18:58:57.614288Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVSS Calculator

Summary

PsiTransfer: Violation of the integrity of file distribution

Details

Summary The absence of restrictions on the endpoint, which allows you to create a path for uploading a file in a file distribution, allows an attacker to add arbitrary files to the distribution.

Details Vulnerable endpoint: POST /files

PoC 1. Create a file distribution. <img width="1434" alt="Снимок экрана 2024-03-17 в 21 27 30" src="https://github.com/psi-4ward/psitransfer/assets/163760990/4634a6f7-6e7d-486e-9929-76156aaa1340">

Go to the link address (id of the file distribution is needed by an attacker to upload files there). <img width="1426" alt="Снимок экрана 2024-03-17 в 21 27 35" src="https://github.com/psi-4ward/psitransfer/assets/163760990/a57c910c-69e2-4b07-985d-b0a46c69891a">
Send a POST /files. As the value of the Upload-Metadata header we specify the sid parameter with the id of the file distribution obtained in the second step. In the response from the server in the Location header we get the path for uploading a new file to the file distribution. <img width="1403" alt="Снимок экрана 2024-03-17 в 21 28 09" src="https://github.com/psi-4ward/psitransfer/assets/163760990/8b839fb8-2c0b-432f-8503-e4c42a840056">
Send a PATCH /files/{{id}} request with arbitrary content in the request body. Id is taken from the previous step. <img width="1067" alt="Снимок экрана 2024-03-17 в 21 28 51" src="https://github.com/psi-4ward/psitransfer/assets/163760990/c5b2acf3-fdf1-4780-8c63-61a7f19338df">

Result: <img width="1432" alt="Снимок экрана 2024-03-17 в 21 29 05" src="https://github.com/psi-4ward/psitransfer/assets/163760990/c49b17c8-e1d2-4894-b6e2-f50b9663fca7"> <img width="1424" alt="Снимок экрана 2024-03-17 в 21 29 15" src="https://github.com/psi-4ward/psitransfer/assets/163760990/e4a1e07d-3e77-4f61-a4e7-ceee4a5a7b8e">

Impact The vulnerability allows an attacker to influence those users who come to the file distribution after him and slip the victim files with a malicious or phishing signature.

Database specific

{
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-05T17:15:24Z",
    "cwe_ids": [
        "CWE-434"
    ],
    "nvd_published_at": "2024-04-09T18:15:09Z",
    "severity": "MODERATE"
}

References

Affected packages

npm / psitransfer

Package

Name: psitransfer; View open source insights on deps.dev
Purl: pkg:npm/psitransfer

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.0