Vulnerability Description
Seafile is an open source cloud storage system. A sync token is used in Seafile file syncing protocol to authorize access to library data. To improve performance, the token is cached in memory in seaf-server. Upon receiving a token from sync client or SeaDrive client, the server checks whether the token exist in the cache. However, if the token exists in cache, the server doesn't check whether it's associated with the specific library in the URL. This vulnerability makes it possible to use any valid sync token to access data from any **known** library. Note that the attacker has to first find out the ID of a library which it has no access to. The library ID is a random UUID, which is not possible to be guessed. There are no workarounds for this issue.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Seafile | Seafile Server | < 8.0.8 |
Related Weaknesses (CWE)
References
- https://github.com/haiwen/seafile-server/pull/520PatchThird Party Advisory
- https://github.com/haiwen/seafile-server/security/advisories/GHSA-m3wc-jv6r-hvv8Third Party Advisory
- https://github.com/haiwen/seafile-server/pull/520PatchThird Party Advisory
- https://github.com/haiwen/seafile-server/security/advisories/GHSA-m3wc-jv6r-hvv8Third Party Advisory
FAQ
What is CVE-2021-43820?
CVE-2021-43820 is a vulnerability with a CVSS score of 7.4 (HIGH). Seafile is an open source cloud storage system. A sync token is used in Seafile file syncing protocol to authorize access to library data. To improve performance, the token is cached in memory in seaf...
How severe is CVE-2021-43820?
CVE-2021-43820 has been rated HIGH with a CVSS base score of 7.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-43820?
Check the references section above for vendor advisories and patch information. Affected products include: Seafile Seafile Server.