Executive Summary

This vulnerability affects Admidio, an open-source user management solution, in versions from 5.0.0 up to but not including 5.0.8. The issue arises because Admidio relies on the adm_my_files/.htaccess file to prevent direct HTTP access to uploaded documents. However, the Docker image configuration uses AllowOverride None in Apache, causing Apache to ignore all .htaccess files silently. Consequently, any file uploaded to the documents module can be accessed directly over HTTP by anyone who knows the file path, bypassing any role-based permissions set in the user interface. The file path is exposed in the upload response JSON. This vulnerability was fixed in version 5.0.8.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability allows unauthorized users to access uploaded documents directly via HTTP without any authentication, regardless of the permissions configured in the application. This can lead to exposure of sensitive or confidential files to anyone who knows or can guess the file path, potentially resulting in data leakage or privacy breaches.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by checking if uploaded documents in the Admidio application are accessible directly over HTTP without authentication. Since the file path is disclosed in the upload response JSON, you can attempt to access these files via their URLs to verify if access control is properly enforced.

You can also verify the Apache configuration in the Docker image to see if AllowOverride is set to None, which causes .htaccess files to be ignored.

• Use curl or wget to request an uploaded file URL obtained from the upload response JSON and check if it is accessible without authentication.
• Check the Apache configuration inside the Docker container with commands like: docker exec -it <container_name> cat /etc/apache2/apache2.conf | grep AllowOverride

Useful 0 Not Useful 0

Mitigation Strategies

The immediate mitigation step is to upgrade Admidio to version 5.0.8 or later, where this issue has been patched.

Alternatively, ensure that the Apache configuration allows .htaccess files to be processed by setting AllowOverride to a value other than None, so that access restrictions defined in adm_my_files/.htaccess are enforced.

Restrict direct HTTP access to uploaded documents by configuring proper access controls on the web server.

Useful 0 Not Useful 0

Compliance Impact

This vulnerability allows unauthenticated access to uploaded documents regardless of role-based permissions, potentially exposing sensitive personal or protected information.

Such unauthorized data exposure could lead to non-compliance with data protection regulations like GDPR or HIPAA, which require strict access controls and protection of personal and sensitive data.

Therefore, organizations using affected versions of Admidio may face compliance risks until the vulnerability is patched.

Useful 0 Not Useful 0