Saltcorn is an extensible, open source, no-code database application builder. A logged-in user with any role can delete arbitrary files on the filesystem by calling the `sync/clean_sync_dir` endpoint. The `dir_name` POST parameter is not validated/sanitized and is used to construct the `syncDir` that is deleted by calling `fs.rm`. This issue has been addressed in release version 1.0.0-beta16 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
History

Tue, 08 Oct 2024 15:15:00 +0000

Type / Values Removed / Values Added

First Time appeared
  Values Removed: none
  Values Added: Saltcorn Collective Ltd; Saltcorn Collective Ltd saltcorn
CPEs
  Values Removed: none
  Values Added: cpe:2.3:a:saltcorn_collective_ltd:saltcorn:*:*:*:*:*:*:*:*
Vendors & Products
  Values Removed: none
  Values Added: Saltcorn Collective Ltd; Saltcorn Collective Ltd saltcorn
Metrics
  Values Removed: none
  Values Added: ssvc
  {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 07 Oct 2024 21:30:00 +0000

Type / Values Removed / Values Added

Description
  Values Removed: none
  Values Added: Saltcorn is an extensible, open source, no-code database application builder. A logged-in user with any role can delete arbitrary files on the filesystem by calling the `sync/clean_sync_dir` endpoint. The `dir_name` POST parameter is not validated/sanitized and is used to construct the `syncDir` that is deleted by calling `fs.rm`. This issue has been addressed in release version 1.0.0-beta16 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
Title
  Values Removed: none
  Values Added: Logged-in users with any role can delete arbitrary files in @saltcorn/server
Weaknesses
  Values Removed: none
  Values Added: CWE-22
References
  Values Removed: none
  Values Added: none
Metrics
  Values Removed: none
  Values Added: cvssV3_1
  {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-10-07T21:10:22.072Z

Updated: 2024-10-08T14:18:42.962Z

Reserved: 2024-10-03T14:06:12.638Z

Link: CVE-2024-47818

Vulnrichment

Updated: 2024-10-08T14:18:35.361Z

NVD

Status: Awaiting Analysis

Published: 2024-10-07T22:15:04.037

Modified: 2024-10-10T12:57:21.987

Link: CVE-2024-47818

Redhat

No data.