Permissions check bypass in Seafile
CVE-2021-43820

7.4HIGH

Key Information:

Vendor: Haiwen
Status: Seafile-server
Vendor: CVE Published:; 14 December 2021

What is CVE-2021-43820?

Seafile is an open source cloud storage system. A sync token is used in Seafile file syncing protocol to authorize access to library data. To improve performance, the token is cached in memory in seaf-server. Upon receiving a token from sync client or SeaDrive client, the server checks whether the token exist in the cache. However, if the token exists in cache, the server doesn't check whether it's associated with the specific library in the URL. This vulnerability makes it possible to use any valid sync token to access data from any known library. Note that the attacker has to first find out the ID of a library which it has no access to. The library ID is a random UUID, which is not possible to be guessed. There are no workarounds for this issue.

Affected Version(s)

seafile-server Community Edition < 8.0.8 < Community Edition 8.0.8

seafile-server Pro Edition < 8.0.15 < Pro Edition 8.0.15

References

https://github.com/haiwen/seafile-server/security/advisor...

x_refsource_CONFIRM

https://github.com/haiwen/seafile-server/pull/520

x_refsource_MISC

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 14, 2021
Vulnerability Reserved
Nov 16, 2021

CVE-2021-43820 Data

JSON

Haiwen

What is CVE-2021-43820?

Affected Version(s)

References

CVSS V3.1

Timeline