{
  "schema_version": "1.4.0",
  "id": "GHSA-qwx8-mxxx-mg96",
  "modified": "2023-02-02T19:27:29Z",
  "published": "2023-02-02T19:26:44Z",
  "aliases": [
    "CVE-2023-0609"
  ],
  "summary": "wallabag contains Improper Authorization via export feature",
  "details": "# Description\n\nThe export feature lets a user export a single entry or a set of entries in a given format (_e.g. PDF, MOBI, TXT_).\n\nFor example, `https://yourinstance.wallabag.org/export/45.pdf` will export the entry with id 45 in PDF format.\n\nSince wallabag 2.0.0-alpha.1, this feature is vulnerable to an insecure direct object reference attack. A logged user can export any single entry without ownership validation.\n\nThis is due to a lack of access validation in the `downloadEntryAction` method.\n\n**You should immediately patch your instance to version 2.5.3 or higher if you have more than one user and/or having open registration.**\n\n# Resolution\n\nA user check is now done in the vulnerable method before sending the exported entry.\n\nThe `Entry` retrieval through a `ParamConverter` has also been replaced with a call to the `EntryRepository` in order to prevent any information disclosure through response discrepancy.\n\n# Workaround\n\nIf you are unable to update to the latest version or if you want to temporarily limit risk of exploitation, you may consider blocking requests to the endpoint `/export/*`.\n\nE.g. with nginx:\n\n``` nginx\n    location /export {\n        deny all;\n    }\n```\n\n# Credits\n\nWe would like to thank @bAuh0lz for reporting this issue through huntr.dev.\n\nReference: https://www.huntr.dev/bounties/3adef66f-fc86-4e6d-a540-2ffa59342ff0/ ",
  "severity": [
    {
      "type": "CVSS_V3",
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
    }
  ],
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "wallabag/wallabag"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "2.0.0-alpha.1"
            },
            {
              "fixed": "2.5.3"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/wallabag/wallabag/security/advisories/GHSA-qwx8-mxxx-mg96"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0609"
    },
    {
      "type": "WEB",
      "url": "https://github.com/wallabag/wallabag/commit/0f7460dbab9e29f4f7d2944aca20210f828b6abb"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/wallabag/wallabag"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/3adef66f-fc86-4e6d-a540-2ffa59342ff0"
    }
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-285"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2023-02-02T19:26:44Z",
    "nvd_published_at": null
  }
}