{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/fireshare/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Fireshare"],"_cs_severities":["high"],"_cs_tags":["path-traversal","web-application","fireshare"],"_cs_type":"advisory","_cs_vendors":["Fireshare"],"content_html":"\u003cp\u003eFireshare, a self-hosted media and link sharing platform, is susceptible to a critical path traversal vulnerability in version 1.5.1. This flaw, identified as CVE-2026-33645, resides within the chunked upload endpoint. By manipulating the \u003ccode\u003echeckSum\u003c/code\u003e multipart field, an authenticated attacker can write arbitrary files to locations outside of the designated upload directory. The vulnerability stems from the direct use of the \u003ccode\u003echeckSum\u003c/code\u003e field in filesystem path construction without proper sanitization or containment checks. Successful exploitation allows writing to any path writable by the Fireshare process (e.g., \u003ccode\u003e/tmp\u003c/code\u003e in containerized deployments), enabling potential compromise and follow-on attacks. Upgrading to version 1.5.2 resolves this vulnerability.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker authenticates to the Fireshare application.\u003c/li\u003e\n\u003cli\u003eAttacker initiates a chunked file upload to the vulnerable endpoint.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious HTTP POST request with a \u003ccode\u003echeckSum\u003c/code\u003e multipart field containing a path traversal payload (e.g., \u003ccode\u003e../../../tmp/evil.sh\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe Fireshare server processes the request and constructs the file path using the unsanitized \u003ccode\u003echeckSum\u003c/code\u003e value.\u003c/li\u003e\n\u003cli\u003eThe server writes the uploaded chunk to the attacker-specified location (e.g., \u003ccode\u003e/tmp/evil.sh\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eAttacker uploads the complete malicious file through subsequent chunked upload requests.\u003c/li\u003e\n\u003cli\u003eAttacker executes the uploaded file through other means, such as a web shell or command injection vulnerability (out of scope).\u003c/li\u003e\n\u003cli\u003eAttacker achieves arbitrary code execution on the server, potentially leading to privilege escalation or data exfiltration.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this path traversal vulnerability (CVE-2026-33645) in Fireshare 1.5.1 allows attackers to write arbitrary files to sensitive locations. This could lead to complete compromise of the Fireshare instance, including the ability to execute arbitrary code. Depending on the deployment environment (e.g., containerized), this may also lead to host compromise. Without specific figures, the potential number of affected installations depends on the adoption rate of Fireshare 1.5.1 before patching.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Fireshare installations to version 1.5.2 or later to remediate CVE-2026-33645.\u003c/li\u003e\n\u003cli\u003eImplement the provided Sigma rule \u003ccode\u003eFireshare Suspicious File Upload Path\u003c/code\u003e to detect attempts to exploit this vulnerability via web server logs.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for POST requests to the chunked upload endpoint with suspicious path traversal sequences in the \u003ccode\u003ecs-uri-query\u003c/code\u003e field using the same Sigma rule.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-03T12:00:00Z","date_published":"2024-01-03T12:00:00Z","id":"https://feed.craftedsignal.io/briefs/2024-01-03-fireshare-path-traversal/","summary":"Fireshare version 1.5.1 is vulnerable to an authenticated path traversal, allowing attackers to write arbitrary files outside the intended upload directory due to insufficient sanitization of the `checkSum` field in the chunked upload endpoint.","title":"Fireshare 1.5.1 Authenticated Path Traversal Vulnerability (CVE-2026-33645)","url":"https://feed.craftedsignal.io/briefs/2024-01-03-fireshare-path-traversal/"}],"language":"en","title":"CraftedSignal Threat Feed - Fireshare","version":"https://jsonfeed.org/version/1.1"}