What the vulnerability does
01Description
Missing Authorization vulnerability in Anssi Laitila Shared Files shared-files.This issue affects Shared Files: from n/a through <= 1.7.19.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
What the vulnerability does
Missing Authorization vulnerability in Anssi Laitila Shared Files shared-files.This issue affects Shared Files: from n/a through <= 1.7.19.
Explanation of Vulnerability in Simple Terms
The Shared Files product by Anssi Laitila versions 1.7.19 and earlier lack proper authorization checks. An attacker with network access can read sensitive file metadata without authentication. The vulnerability exposes file information that should be restricted to authorized users only.
What an attacker can do
Read file metadata and information without logging in.
Potential impact on your site
Unauthorized users can discover and access file information that should be private or restricted.
Conditions required to exploit
Network access to the application; no authentication or user interaction required.
Key dates
External resources