#############################################################
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#############################################################
#
# Product:  ONELAN CMS [1]
# Vendor:   ONELAN
# CSNC ID:  CSNC-2018-011
# Subject:  Insufficient Authorization Checks
# Risk:     High
# Effect:   Remotely exploitable
# Author:   Stephan Sekula
# Date:     06.02.2018
#
#############################################################

Introduction:
-------------
The ONELAN Content Management System (CMS) software leverages more than a
decade of development and industry experience to deliver users a business
tool that makes creating, publishing and managing content simple and
dependable. [1]

Compass Security discovered a security flaw in the ONELAN CMS which allows
authenticated users to access arbitrary files in the system's /data
directory.

Affected:
---------
Vulnerable:
  * CMS V3.3.0 Build 56815

Technical Description:
----------------------
The application does not sufficiently check a user's authorization for
certain requests. A logged-in user is able to access arbitrary files in the
/data directory, such as server log files and backups.

Workaround / Fix:
-----------------
This issue can be fixed by checking a user's authorization for every issued
request. If a user is not authorized to access a file, the request needs to
be denied.

Timeline:
---------
2018-05-29: Public disclosure
2018-05-28: Release of fixed version/patch
2018-02-12: Initial vendor response
2018-02-06: Initial vendor notification
2018-02-06: Discovery by Stephan Sekula

References:
-----------
[1] https://onelan.com/products/publisher-cms/
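The per-request authorization check described under "Workaround / Fix" above, shown as an added example beside the insufficient "is the user logged in?" pattern. This is not ONELAN's code and is not part of the original advisory; the /data subdirectory layout, the role names and the policy table are assumptions made for illustration.

```python
import posixpath
from dataclasses import dataclass
from typing import Optional

# Assumed layout: every file the CMS serves lives below this root.
DATA_ROOT = "/data"

# Constructed policy: which roles may read which top-level /data subdirectory.
# Anything not listed here is denied by default.
ACCESS_POLICY = {
    "media":   frozenset({"editor", "admin"}),
    "logs":    frozenset({"admin"}),
    "backups": frozenset({"admin"}),
}


@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset


# Constructed sample users (hypothetical roles, not from the advisory).
EDITOR = User("alice", frozenset({"editor"}))
ADMIN = User("bob", frozenset({"admin"}))


def canonical_data_path(requested: str) -> Optional[str]:
    """Resolve a user-supplied path relative to DATA_ROOT.

    Returns the normalized absolute path if it stays inside DATA_ROOT,
    otherwise None (rejects '..' traversal, absolute paths and NUL bytes).
    """
    if "\x00" in requested:
        return None
    joined = posixpath.join(DATA_ROOT, requested.lstrip("/"))
    resolved = posixpath.normpath(joined)
    if resolved == DATA_ROOT or not resolved.startswith(DATA_ROOT + "/"):
        return None
    return resolved


def authorize_insufficient(user: Optional[User], requested: str) -> bool:
    """The weak pattern: authentication is treated as authorization.

    Any logged-in user is allowed to fetch any file, which is the class of
    flaw the advisory describes (logs and backups exposed to ordinary users).
    """
    return user is not None


def authorize_per_request(user: Optional[User], requested: str) -> bool:
    """The fixed pattern: evaluate authorization on every file request.

    Deny unless (1) the request is authenticated, (2) the path resolves
    inside DATA_ROOT, (3) the target subdirectory has a policy entry and
    (4) the user holds a role that the entry permits.
    """
    if user is None:
        return False
    path = canonical_data_path(requested)
    if path is None:
        return False
    relative = path[len(DATA_ROOT) + 1:]
    top_level = relative.split("/", 1)[0]
    allowed_roles = ACCESS_POLICY.get(top_level)
    if allowed_roles is None:
        return False
    return bool(user.roles & allowed_roles)


def decision_log_line(user: Optional[User], requested: str) -> str:
    """Audit line a defender would want for every access decision."""
    who = user.name if user else "anonymous"
    verdict = "ALLOW" if authorize_per_request(user, requested) else "DENY"
    return f"{verdict} user={who} path={requested}"


if __name__ == "__main__":
    for u, p in [(EDITOR, "logs/server.log"), (ADMIN, "logs/server.log"),
                 (EDITOR, "media/clip.mp4"), (EDITOR, "../etc/passwd")]:
        print(decision_log_line(u, p))
```

The key design point is that `authorize_per_request` is called on each request with the specific file being asked for, and that it denies by default: an unknown subdirectory, a path that escapes /data, or a role without an explicit grant all fall through to `False`. The audit line makes denied requests visible in logs, which is what lets a defender spot probing for log and backup files.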