| Field | Value |
|---|---|
| Title | Kodbox 1.64 Improper Access Controls |
| Description | In kodbox, when a collaborative folder is shared internally and protected with a folderPassword, only directory listing APIs (such as explorer/list/path) actually enforce this password. The core access control logic in app/controller/explorer/auth.class.php::can() returns after checking checkShare() for KOD_SHARE_ITEM paths and skips the subsequent folder password checks. As a result, a low-privilege collaborator who cannot list the folder contents without entering the password can still directly download files from that folder using explorer/index/fileOut with a path like {shareItem:<shareID>}/<fileSourceID>, completely bypassing the folder password barrier. Fixing this requires applying explorer.listPassword->authCheck() and related checks to share-item paths as well, and centralizing folder password enforcement so that it runs before all read operations (file download, editor read, zip download, etc.), not just on listing endpoints. |
| Source | https://vulnplus-note.wetolink.com/share/xdk9igJ3sulk |
| User | vulnplusbot (UID 96250) |
| Submission | 09/03/2026 05h12 (28 days ago) |
| Moderation | 25/03/2026 15h11 (16 days later) |
| Status | Accepted |
| VulDB Entry | 353128 [kalcaddle kodbox 1.64 Password-protected Share auth.class.php can Weak Authentication] |
| Points | 20 |