Compliance Impact

The vulnerability allows authenticated users to bypass intended access restrictions by improperly matching directory paths, potentially granting access to unauthorized directories and files.

Such unauthorized access could lead to exposure of sensitive or regulated data, which may violate compliance requirements under standards like GDPR or HIPAA that mandate strict access controls and data protection.

Therefore, this vulnerability could negatively impact compliance by enabling access control failures that compromise data confidentiality and integrity.

Useful 0 Not Useful 0

Executive Summary

This vulnerability in File Browser arises from improper directory boundary enforcement in the path matching logic used to apply access rules. The Matches() function uses a simple prefix check (strings.HasPrefix) to determine if a file path matches an access rule path. However, it does not ensure that the prefix match ends at a directory boundary. For example, a rule intended for the directory "/uploads" would also match paths like "/uploads_backup/", which are sibling directories and should not be matched. This flaw can cause access rules to grant or deny access to unintended directories.

The issue was fixed by modifying the matching logic to append a trailing slash to the rule path (except for root) and checking if the requested path either exactly matches the rule path or starts with the rule path plus a trailing slash. This ensures that only the intended directory or its subdirectories are matched, preventing false positives on similarly named sibling directories.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can allow authenticated users to bypass intended access restrictions by gaining access to sibling directories that share a common prefix with an allowed directory. For example, if access is granted to "/uploads", a user might also gain unintended access to "/uploads_backup/" or other similarly named directories.

Such unauthorized access can lead to exposure of sensitive files or data stored in directories that were meant to be restricted, potentially compromising confidentiality and security of the system.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability involves improper directory boundary enforcement in path matching within the File Browser application. Detection involves verifying if access rules incorrectly allow access to sibling directories sharing a common prefix.

To detect this issue, you can test access rules configured in File Browser by attempting to access directories that share prefixes with allowed directories but should be restricted. For example, if a rule allows access to "/uploads", try accessing "/uploads_backup/" or similar sibling directories to see if access is improperly granted.

Since this is a logic flaw in the application code, network-level detection commands are limited. However, you can use curl or similar HTTP clients to test access paths:

• curl -I http://<filebrowser-host>/uploads_backup/
• curl -I http://<filebrowser-host>/uploads/

Compare the HTTP response headers or status codes to determine if access is granted where it should not be.

Additionally, review the File Browser configuration files or rules to identify any rules that use prefixes without trailing slashes, which may be vulnerable.

Useful 0 Not Useful 0

Mitigation Strategies

The primary mitigation is to upgrade File Browser to version 2.63.1 or later, where the vulnerability is fixed by correcting the path matching logic.

If upgrading immediately is not possible, review and adjust access rules to ensure that directory prefixes end with a trailing slash or are exact matches to prevent unintended access to sibling directories.

As a temporary workaround, restrict access to sensitive directories by more specific rules or by limiting authenticated user permissions to reduce the risk of unauthorized access.

Monitor access logs for suspicious requests attempting to access sibling directories of allowed paths.

Useful 0 Not Useful 0