CHT Security Red Team Discovered Several Vulnerabilities in Well-Known Workflow Platform
Summary
Vulnerability List
[CVE-2021-28171] - Broken Authentication
[CVE-2021-28172] - Path Traversal
[CVE-2021-28173] - Unrestricted File Upload
Details
1. Broken Authentication
Description
The workflow server authenticates users by a specific cookie.
Impact
Attackers can tamper with the value of that cookie to authenticate as any user without knowing the user's password.
Known Affected Software
- version 4
2. Path Traversal
Description
A parameter of the download function is affected by Path Traversal.
Impact
Attackers can download any file on the workflow server without privilege.
Known Affected Software
- version 4
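Added example (not code from the affected product or from CHT Security): a containment check of the kind a download handler needs so that a file-name parameter cannot leave the download directory. The names resolve_download, TraversalError and demo, the directory layout and the sample requests are all assumptions constructed for illustration.

```python
import os
import tempfile

class TraversalError(Exception):
    """Raised when a requested name resolves outside the download root."""

def resolve_download(root, requested):
    """Hypothetical helper: map a request parameter to a real file under root."""
    if "\x00" in requested:
        raise TraversalError("NUL byte in file name")
    root_real = os.path.realpath(root)
    # Treat backslashes as separators so "..\\" is handled on POSIX hosts too.
    candidate = os.path.join(root_real, requested.replace("\\", "/"))
    # realpath collapses ".." and follows symlinks BEFORE the containment test,
    # so the decision is made on the path the OS would actually open.
    target = os.path.realpath(candidate)
    if os.path.commonpath([root_real, target]) != root_real:
        raise TraversalError(f"{requested!r} escapes the download root")
    if not os.path.isfile(target):
        raise FileNotFoundError(requested)
    return target

def demo():
    """Run constructed requests against a throwaway directory tree."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        root = os.path.join(base, "downloads")
        secret = os.path.join(base, "server.conf")  # lives outside the root
        os.makedirs(os.path.join(root, "forms"))
        for path in (os.path.join(root, "forms", "leave.pdf"), secret):
            with open(path, "w") as handle:
                handle.write("sample")
        os.symlink(secret, os.path.join(root, "link.conf"))
        cases = [("plain", "forms/leave.pdf"),
                 ("normalised", "forms/../forms/leave.pdf"),
                 ("dotdot", "../server.conf"),
                 ("backslash", "..\\server.conf"),
                 ("absolute", secret),
                 ("symlink", "link.conf")]
        for label, name in cases:
            try:
                resolve_download(root, name)
                results[label] = "served"
            except TraversalError:
                results[label] = "blocked"
    return results

if __name__ == "__main__":
    print(demo())
```

The "normalised" case is served because the decision is made on the resolved path, not by searching the parameter for "..", which is why the symlink and absolute-path cases are blocked as well.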
3. Unrestricted File Upload
Description
There is an unauthenticated upload function that does not restrict the file type.
Impact
Attackers can upload a file with any file extension, which leads to arbitrary code execution on the workflow server without privilege.
Known Affected Software
- version 4
Credits
- Jiarong Chen (CHT Security)
- Hans Wang (CHT Security)
- TsungShu Chiu (CHT Security)