Horizon Alert
Summary of the vulnerability and why it matters
This vulnerability in the nexent backend service allows unauthenticated attackers to delete arbitrary files from storage. This is a critical issue because it can lead to significant data loss and service disruptions.
- Can delete any stored files.
- Causes data loss and service outages.
- Accessible remotely.
Attack Path
How an attacker could exploit the issue
Attackers can exploit this flaw to delete arbitrary files from the backend storage. This could be used to cause data loss or disrupt services by removing critical files.
- Unauthenticated network access required.
- Target the file management API.
- Delete critical system files.
Live Threat
Current exploitation, exposure, and threat context
Attackers will likely find this vulnerability appealing due to its critical severity and direct impact on data integrity and availability. The unauthenticated and direct nature of the API endpoint, which allows for arbitrary file deletion, makes it a prime target for disruptive attacks. While the vulnerability itself is exploitable remotely, its presence within a backend service suggests attackers may need initial network access or a path to reach it.
- No public exploit code observed.
- No KEV listing signal.
- Exploitation requires targeting a backend service.
Priority actions
Operational Fix
Recommended remediation, mitigation, and detection steps
Prioritize immediate blocking of unauthenticated DELETE requests to the `/storage/{object_name:path}` endpoint. This vulnerability allows unauthenticated remote attackers to delete arbitrary files, causing data loss and denial of service. Since exploitation is possible via network and requires no privileges, focus on containing access to this API.
- Block unauthenticated DELETE requests.
- Monitor logs for suspicious file deletion activity.
- Restrict access to internal traffic only.
