Configuration: CodiMD - File Upload¶
Identifier:
codimd_unauth_file_upload
Scanner(s) Support¶
| GraphQL Scanner | REST Scanner | WebApp Scanner | ASM Scanner |
|---|---|---|---|
Description¶
CodiMD does not require valid authentication to access uploaded images or to upload new image data. An attacker who can determine an uploaded image's URL can gain unauthorised access to uploaded image data, or can create a denial of service condition by exhausting all available disk space.
Reference:
- https://github.com/hackmdio/codimd/security/advisories/GHSA-2764-jppc-p2hm
- https://pulsesecurity.co.nz/advisories/codimd-missing-image-access-controls
Configuration¶
Example¶
Example configuration:
Reference¶
skip¶
Type : boolean
Skip the test if true.