- Bug
- Resolution: Fixed
- Major
- None
- None
- None
- Ametys 4.3.18
- 4.5 RC2
Hi,
I found a vulnerability in the auto-completion plugin.
The auto-completion plugin exposes an XML file containing all the words typed inside the posts, both private and public. This file is exposed without authentication at:
https://www.adomain.tld/plugins/web/service/search/auto-completion/adomain/en.xml
It is possible for an attacker to extract the complete content of the XML file, even with the limit set to 10 matching results, using API scraping techniques such as this one: https://podalirius.net/en/articles/scraping-search-apis-depth-first-style/
The information present in this XML file can contain sensitive information such as passwords, IP addresses, usernames and emails. I successfully managed to get a list of valid usernames from this auto-completion XML file in one of my client's apps, without authentication.
Fix: I think the auto-completion plugin should not expose this XML file at all, but if it does, it should at least be protected by authentication.
Best regards,
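An added detection example, not part of the report above and not code from Ametys: it scans web-server access logs for the two access patterns the report describes, unauthenticated downloads of the whole word-list file and prefix-by-prefix enumeration of the result-limited endpoint. It assumes Apache/Nginx combined-format logs and a placeholder prefix parameter named `q`; the sample log lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit
# Endpoint path quoted in the report above. The prefix parameter name "q" is a
# placeholder assumption for this example, not a parameter taken from Ametys.
AUTOCOMPLETE_PATH = "/plugins/web/service/search/auto-completion/"
PREFIX_PARAM = "q"
LOG_RE = re.compile(  # Apache/Nginx "combined" access-log format
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<url>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$')

def parse_line(line):
    """Fields of one access-log line, or None when the line does not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None

def summarize(lines):
    """Per client IP: distinct prefixes queried against the auto-completion
    endpoint, and fetches of the whole word list with no prefix at all."""
    stats = defaultdict(lambda: {"prefixes": set(), "bulk_fetches": 0})
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["status"] != "200":
            continue  # only successful responses leaked data
        parts = urlsplit(rec["url"])
        if not parts.path.startswith(AUTOCOMPLETE_PATH):
            continue
        prefix = parse_qs(parts.query).get(PREFIX_PARAM)
        if prefix:
            stats[rec["ip"]]["prefixes"].add(prefix[0])
        else:
            stats[rec["ip"]]["bulk_fetches"] += 1
    return {ip: {"distinct_prefixes": len(s["prefixes"]), "bulk_fetches": s["bulk_fetches"]}
            for ip, s in stats.items()}

def flag_scrapers(lines, prefix_threshold=20):
    """IPs whose traffic looks like depth-first prefix enumeration or a bulk dump."""
    return {ip: s for ip, s in summarize(lines).items()
            if s["distinct_prefixes"] >= prefix_threshold or s["bulk_fetches"]}

def _log(ip, url):  # builds one constructed sample line in combined format
    return f'{ip} - - [10/Mar/2023:10:00:01 +0000] "GET {url} HTTP/1.1" 200 512 "-" "curl/7.88.1"'

# Constructed sample: one client walks 26 two-letter prefixes, one fetches the
# unfiltered file, one is an ordinary user typing a few characters.
BASE = "/plugins/web/service/search/auto-completion/adomain/en.xml"
SAMPLE_LOG = ([_log("203.0.113.5", f"{BASE}?{PREFIX_PARAM}=a{c}") for c in "abcdefghijklmnopqrstuvwxyz"]
              + [_log("192.0.2.9", BASE)]
              + [_log("198.51.100.7", f"{BASE}?{PREFIX_PARAM}=ad"), _log("198.51.100.7", f"{BASE}?{PREFIX_PARAM}=adm")])
```

The prefix threshold is a tuning knob: a real user typing a search term produces a handful of growing prefixes, while an enumeration walks siblings at the same depth.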

Hi,
I am going to present the technical details of this vulnerability at a security conference at the beginning of April. Do you know if it will be fixed by then?
Also, I'm requesting a CVE ID to properly identify this vulnerability.
Best regards,