Configuration: CodiMD - File Upload¶
Identifier:
codimd_unauth_file_upload
Scanner(s) Support¶
| GraphQL Scanner | REST Scanner | WebApp Scanner | ASM Scanner |
|---|---|---|---|
Description¶
CodiMD does not require valid authentication to access uploaded images or upload new image data, potentially allowing unauthorized access to uploaded files or denial of service attacks by exhausting disk space.
How we test: We test for unauthenticated file upload vulnerabilities in CodiMD by attempting to upload files and access uploaded images without authentication, then analyzing responses to detect if file upload functionality is accessible without proper authorization.
Reference:
- https://github.com/hackmdio/codimd/security/advisories/GHSA-2764-jppc-p2hm
- https://pulsesecurity.co.nz/advisories/codimd-missing-image-access-controls
Configuration¶
Example¶
Example configuration:
Reference¶
skip¶
Type : boolean
Skip the test if true.