Unrestricted Upload of File with Dangerous Type

CVE-2024-10668

Medium

5.9/10

Summary

There exists an auth bypass in Google Quickshare where an attacker can upload an unknown file type to a victim. The root cause of the vulnerability lies in the fact that when a Payload Transfer frame of type a FILE is sent to Quick Share, the file that is contained in this frame is written to disk in the "Downloads" folder. Quickshare normally deletes unknown files. However, an attacker can send two Payload transfer frames of type FILE and the same payload ID. The deletion logic will only delete the first file and not the second. We recommend upgrading past commit "5d8b9156e0c339d82d3dab0849187e8819ad92c0".

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-434 - Unrestricted Upload of File with dangerous type

'Unrestricted file upload with dangerous type' attacks involve an attacker uploading or transferring files of dangerous types to the server. The severity of such an attack depends upon the execution mechanism and the storage location of the uploaded file. Thus, it may range from simple defacement to arbitrary file execution, and complete system takeover.

References

Advisory Timeline

Published Nov 07, 2024

Unrestricted Upload of File with Dangerous Type

CVE-2024-10668

Summary

CWE-434 - Unrestricted Upload of File with dangerous type

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS