Horizon Alert
Summary of the vulnerability and why it matters
This vulnerability in FileBrowser Quantum allows an unauthenticated attacker to delete files outside of their intended shared directory. This is a critical issue because it can lead to the deletion of arbitrary files within the share owner's storage scope, potentially causing data loss.
- Attackers can delete files remotely.
- Data loss is possible.
- Affects public file sharing.
Attack Path
How an attacker could exploit the issue
An unauthenticated attacker can exploit this flaw by crafting a malicious request to delete arbitrary files outside of a shared directory. This is possible if they have a valid public share hash and delete permissions are enabled for that share. The attacker leverages the path traversal vulnerability in the API endpoints to escape the intended directory.
- Public API endpoints targeted.
- Requires valid share hash.
- Delete permission must be enabled.
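As an added illustration, not code from FileBrowser Quantum, this is the containment check a share-scoped delete handler needs so that a client-supplied path can never resolve above the share root once ".." segments are collapsed. The Share type, its field names and the /srv/shares/abc root are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

type Share struct { // hypothetical record; field names are assumptions
	Hash        string // public share hash presented by the client
	Root        string // directory the share is meant to expose
	AllowDelete bool   // the share's delete permission
}

var (
	ErrDeleteDisabled = errors.New("delete not permitted on this share")
	ErrOutsideShare   = errors.New("requested path escapes the share root")
)

// resolveInShare confines a client-supplied path to root: Join collapses ".." and
// "." segments, then Rel rejects anything that cleaned to a location above root.
func resolveInShare(root, requested string) (string, error) {
	root = filepath.Clean(root)
	// A leading "/" from the client is relative to the share, never to the host.
	rel := strings.TrimLeft(filepath.ToSlash(requested), "/")
	full := filepath.Join(root, filepath.FromSlash(rel))
	back, err := filepath.Rel(root, full)
	if err != nil || back == ".." || strings.HasPrefix(back, ".."+string(filepath.Separator)) {
		return "", ErrOutsideShare
	}
	return full, nil
}

// deleteTarget is what a share-scoped delete handler should run before touching
// the filesystem: permission first, then confinement, on the URL-decoded path.
func (s Share) deleteTarget(requested string) (string, error) {
	if !s.AllowDelete {
		return "", ErrDeleteDisabled
	}
	return resolveInShare(s.Root, requested)
}

func main() {
	s := Share{Hash: "constructed-hash", Root: "/srv/shares/abc", AllowDelete: true}
	for _, p := range []string{"docs/report.pdf", "../../etc/passwd", "docs/../../x"} {
		full, err := s.deleteTarget(p)
		fmt.Printf("%-20q -> %q %v\n", p, full, err)
	}
}
```

The check runs on the path the server would otherwise act on, so it must sit after any URL decoding; a share root reached through symlinks would additionally need resolving with filepath.EvalSymlinks before the comparison.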
Live Threat
Current exploitation, exposure, and threat context
This vulnerability allows an unauthenticated attacker with delete permissions on a public share to delete arbitrary files outside the intended directory. This is concerning because it targets a web-based file manager that is often exposed publicly, and the exploit requires only a public share hash with delete permissions enabled.
- Unauthenticated attacker exploitation.
- Public share hash with delete permissions.
- Targets web-based file management.
Priority actions
Operational Fix
Recommended remediation, mitigation, and detection steps
Prioritize actions to address unauthenticated arbitrary file deletion in FileBrowser Quantum, especially for public shares with delete permissions enabled. Teams should focus on immediate mitigation and patching to prevent unauthorized data loss.
- Update to 1.3.1-stable or 1.3.9-beta.
- Disable delete permissions on public shares.
- Monitor for unusual file deletion activity.