-
Type:
Bug
-
Resolution: Done
-
Priority:
Highest
-
Affects Version/s: 3.4.0
-
AMRIT Sprint 48, AMRIT Sprint 49
-
Platform
-
UAT
An unauthenticated file access vulnerability allows users to retrieve sensitive files without proper authorization. The application fails to enforce access controls on specific file endpoints, enabling unauthorized users to access files that may contain sensitive or internal information.
| Vulnerability Name | Vulnerable Point, Port or Parameter | CVE/CWE | CVSS Score | Overall Risk (Severity) |
Mapping with OWASP Testing Checklist | Observation / Description | Impact | Recommendation | Reference | Steps to reproduce |
| Unauthenticated File Access | https://uatamrit.piramalswasthya.org/ecd/supervisor/innerpage-supervisor?data=smsTemplate | CWE-284 | 7.6 | High | OWASP Authorization Testing | The application failed to restrict access to uploaded files, allowing anyone with the file URL to view or download the content. This is a classic example of broken access control leading to unauthenticated direct access to sensitive files, exposing potentially confidential or private data to unauthorized users. | Sensitive files (documents, images, etc.) can be accessed publicly, leading to data leakage. | Implement strict access control checks on file storage and retrieval endpoints. Store files in locations inaccessible directly via public URLs or implement authentication/authorization before serving files. Consider generating signed URLs with expiration for temporary secure access. |
https://owasp.org/Top10/A01_2021-Broken_Access_Control/ | Step 1: During the security assessment, it was observed that files already uploaded via the file upload functionality could be accessed directly from an unauthenticated browser session in another browser. This means the uploaded files were accessible without any authentication or authorization checks. |
- blocks
-
-
- Closed
-
