CVE-2021-43820 (GCVE-0-2021-43820)
Vulnerability from cvelistv5 – Published: 2021-12-14 18:55 – Updated: 2024-08-04 04:03
VLAI?
Summary
Seafile is an open source cloud storage system. A sync token is used in Seafile file syncing protocol to authorize access to library data. To improve performance, the token is cached in memory in seaf-server. Upon receiving a token from sync client or SeaDrive client, the server checks whether the token exist in the cache. However, if the token exists in cache, the server doesn't check whether it's associated with the specific library in the URL. This vulnerability makes it possible to use any valid sync token to access data from any **known** library. Note that the attacker has to first find out the ID of a library which it has no access to. The library ID is a random UUID, which is not possible to be guessed. There are no workarounds for this issue.
Severity ?
7.4 (High)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| haiwen | seafile-server |
Affected:
Community Edition < 8.0.8
Affected: Pro Edition < 8.0.15 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:03:09.080Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/haiwen/seafile-server/security/advisories/GHSA-m3wc-jv6r-hvv8"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/haiwen/seafile-server/pull/520"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "seafile-server",
"vendor": "haiwen",
"versions": [
{
"status": "affected",
"version": "Community Edition \u003c 8.0.8"
},
{
"status": "affected",
"version": " Pro Edition \u003c 8.0.15"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Seafile is an open source cloud storage system. A sync token is used in Seafile file syncing protocol to authorize access to library data. To improve performance, the token is cached in memory in seaf-server. Upon receiving a token from sync client or SeaDrive client, the server checks whether the token exist in the cache. However, if the token exists in cache, the server doesn\u0027t check whether it\u0027s associated with the specific library in the URL. This vulnerability makes it possible to use any valid sync token to access data from any **known** library. Note that the attacker has to first find out the ID of a library which it has no access to. The library ID is a random UUID, which is not possible to be guessed. There are no workarounds for this issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639: Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-14T18:55:10",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/haiwen/seafile-server/security/advisories/GHSA-m3wc-jv6r-hvv8"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/haiwen/seafile-server/pull/520"
}
],
"source": {
"advisory": "GHSA-m3wc-jv6r-hvv8",
"discovery": "UNKNOWN"
},
"title": "Permissions check bypass in Seafile",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-43820",
"STATE": "PUBLIC",
"TITLE": "Permissions check bypass in Seafile"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "seafile-server",
"version": {
"version_data": [
{
"version_value": "Community Edition \u003c 8.0.8"
},
{
"version_value": " Pro Edition \u003c 8.0.15"
}
]
}
}
]
},
"vendor_name": "haiwen"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Seafile is an open source cloud storage system. A sync token is used in Seafile file syncing protocol to authorize access to library data. To improve performance, the token is cached in memory in seaf-server. Upon receiving a token from sync client or SeaDrive client, the server checks whether the token exist in the cache. However, if the token exists in cache, the server doesn\u0027t check whether it\u0027s associated with the specific library in the URL. This vulnerability makes it possible to use any valid sync token to access data from any **known** library. Note that the attacker has to first find out the ID of a library which it has no access to. The library ID is a random UUID, which is not possible to be guessed. There are no workarounds for this issue."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-639: Authorization Bypass Through User-Controlled Key"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/haiwen/seafile-server/security/advisories/GHSA-m3wc-jv6r-hvv8",
"refsource": "CONFIRM",
"url": "https://github.com/haiwen/seafile-server/security/advisories/GHSA-m3wc-jv6r-hvv8"
},
{
"name": "https://github.com/haiwen/seafile-server/pull/520",
"refsource": "MISC",
"url": "https://github.com/haiwen/seafile-server/pull/520"
}
]
},
"source": {
"advisory": "GHSA-m3wc-jv6r-hvv8",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-43820",
"datePublished": "2021-12-14T18:55:10",
"dateReserved": "2021-11-16T00:00:00",
"dateUpdated": "2024-08-04T04:03:09.080Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:seafile:seafile_server:*:*:*:*:community:*:*:*\", \"versionEndExcluding\": \"8.0.8\", \"matchCriteriaId\": \"58002BD3-0F91-43BA-B2A5-795057DAEA71\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:seafile:seafile_server:*:*:*:*:professional:*:*:*\", \"versionEndExcluding\": \"8.0.15\", \"matchCriteriaId\": \"23BB449E-446B-490F-982B-FD5720302333\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:seafile:seafile_server:*:*:*:*:community:*:*:*\", \"versionStartIncluding\": \"9.0.0\", \"versionEndExcluding\": \"9.0.2\", \"matchCriteriaId\": \"54565D96-E035-4CB3-8AF0-8ED3EB98D81B\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Seafile is an open source cloud storage system. A sync token is used in Seafile file syncing protocol to authorize access to library data. To improve performance, the token is cached in memory in seaf-server. Upon receiving a token from sync client or SeaDrive client, the server checks whether the token exist in the cache. However, if the token exists in cache, the server doesn\u0027t check whether it\u0027s associated with the specific library in the URL. This vulnerability makes it possible to use any valid sync token to access data from any **known** library. Note that the attacker has to first find out the ID of a library which it has no access to. The library ID is a random UUID, which is not possible to be guessed. There are no workarounds for this issue.\"}, {\"lang\": \"es\", \"value\": \"Seafile es un sistema de almacenamiento en la nube de c\\u00f3digo abierto. En el protocolo de sincronizaci\\u00f3n de archivos de Seafile es usado un token de sincronizaci\\u00f3n para autorizar el acceso a los datos de la biblioteca. Para mejorar el rendimiento, el token es almacenado en la memoria del servidor Seaf. Al recibir un token del cliente de sincronizaci\\u00f3n o del cliente SeaDrive, el servidor comprueba si el token se presenta en la cach\\u00e9. Sin embargo, si el token se presenta en la cach\\u00e9, el servidor no comprueba si est\\u00e1 asociado a la biblioteca espec\\u00edfica en la URL. Esta vulnerabilidad permite usar cualquier token de sincronizaci\\u00f3n v\\u00e1lido para acceder a los datos de cualquier biblioteca **known**. Tenga en cuenta que el atacante debe averiguar primero el ID de una biblioteca a la que no presenta acceso. El ID de la biblioteca es un UUID aleatorio, que no es posible adivinar. No se presentan soluciones para este problema\"}]",
"id": "CVE-2021-43820",
"lastModified": "2024-11-21T06:29:51.850",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"baseScore\": 7.4, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 5.2}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 5.9, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:N/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2021-12-14T19:15:07.617",
"references": "[{\"url\": \"https://github.com/haiwen/seafile-server/pull/520\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/haiwen/seafile-server/security/advisories/GHSA-m3wc-jv6r-hvv8\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/haiwen/seafile-server/pull/520\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/haiwen/seafile-server/security/advisories/GHSA-m3wc-jv6r-hvv8\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-639\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-43820\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2021-12-14T19:15:07.617\",\"lastModified\":\"2024-11-21T06:29:51.850\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Seafile is an open source cloud storage system. A sync token is used in Seafile file syncing protocol to authorize access to library data. To improve performance, the token is cached in memory in seaf-server. Upon receiving a token from sync client or SeaDrive client, the server checks whether the token exist in the cache. However, if the token exists in cache, the server doesn\u0027t check whether it\u0027s associated with the specific library in the URL. This vulnerability makes it possible to use any valid sync token to access data from any **known** library. Note that the attacker has to first find out the ID of a library which it has no access to. The library ID is a random UUID, which is not possible to be guessed. There are no workarounds for this issue.\"},{\"lang\":\"es\",\"value\":\"Seafile es un sistema de almacenamiento en la nube de c\u00f3digo abierto. En el protocolo de sincronizaci\u00f3n de archivos de Seafile es usado un token de sincronizaci\u00f3n para autorizar el acceso a los datos de la biblioteca. Para mejorar el rendimiento, el token es almacenado en la memoria del servidor Seaf. Al recibir un token del cliente de sincronizaci\u00f3n o del cliente SeaDrive, el servidor comprueba si el token se presenta en la cach\u00e9. Sin embargo, si el token se presenta en la cach\u00e9, el servidor no comprueba si est\u00e1 asociado a la biblioteca espec\u00edfica en la URL. Esta vulnerabilidad permite usar cualquier token de sincronizaci\u00f3n v\u00e1lido para acceder a los datos de cualquier biblioteca **known**. Tenga en cuenta que el atacante debe averiguar primero el ID de una biblioteca a la que no presenta acceso. El ID de la biblioteca es un UUID aleatorio, que no es posible adivinar. No se presentan soluciones para este problema\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":7.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":5.2},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-639\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:seafile:seafile_server:*:*:*:*:community:*:*:*\",\"versionEndExcluding\":\"8.0.8\",\"matchCriteriaId\":\"58002BD3-0F91-43BA-B2A5-795057DAEA71\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:seafile:seafile_server:*:*:*:*:professional:*:*:*\",\"versionEndExcluding\":\"8.0.15\",\"matchCriteriaId\":\"23BB449E-446B-490F-982B-FD5720302333\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:seafile:seafile_server:*:*:*:*:community:*:*:*\",\"versionStartIncluding\":\"9.0.0\",\"versionEndExcluding\":\"9.0.2\",\"matchCriteriaId\":\"54565D96-E035-4CB3-8AF0-8ED3EB98D81B\"}]}]}],\"references\":[{\"url\":\"https://github.com/haiwen/seafile-server/pull/520\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/haiwen/seafile-server/security/advisories/GHSA-m3wc-jv6r-hvv8\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/haiwen/seafile-server/pull/520\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/haiwen/seafile-server/security/advisories/GHSA-m3wc-jv6r-hvv8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…