Publish Advisories

GHSA-42cr-w2gr-m54q
GHSA-g8gc-6c4h-jg86
GHSA-vw86-c94w-v3x4

Author: advisory-database[bot]

advisories/github-reviewed/2026/02/GHSA-42cr-w2gr-m54q/GHSA-42cr-w2gr-m54q.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-42cr-w2gr-m54q",
-  "modified": "2026-02-27T21:59:39Z",
+  "modified": "2026-04-15T20:41:17Z",
   "published": "2026-02-26T22:15:30Z",
   "aliases": [
     "CVE-2026-27838"

advisories/github-reviewed/2026/02/GHSA-g8gc-6c4h-jg86/GHSA-g8gc-6c4h-jg86.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-g8gc-6c4h-jg86",
-  "modified": "2026-02-27T21:59:53Z",
+  "modified": "2026-04-15T20:41:30Z",
   "published": "2026-02-26T22:15:51Z",
   "aliases": [
     "CVE-2026-27839"

advisories/github-reviewed/2026/04/GHSA-vw86-c94w-v3x4/GHSA-vw86-c94w-v3x4.json

@@ -1,11 +1,13 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-vw86-c94w-v3x4",
-  "modified": "2026-04-10T19:32:12Z",
+  "modified": "2026-04-15T20:40:25Z",
   "published": "2026-04-10T19:32:12Z",
-  "aliases": [],
+  "aliases": [
+    "CVE-2026-40318"
+  ],
   "summary": "SiYuan: Publish Reader Path Traversal Delete via `removeUnusedAttributeView`",
-  "details": "SiYuan's publish/read-only boundary can be broken through `/api/av/removeUnusedAttributeView`.\n\nA publish-service Reader context can call this endpoint because it is protected only by `CheckAuth`, and publish requests are forwarded upstream with a valid `RoleReader` JWT. The handler accepts attacker-controlled `id` input and passes it directly into a filesystem delete sink:\n\n- no admin check\n- no readonly check\n- no node-ID validation\n- no subpath enforcement\n- no verification that the target AV is actually unused\n\nBecause the sink builds the file path with:\n\n```go\nfilepath.Join(util.DataDir, \"storage\", \"av\", id+\".json\")\n```\n\nan attacker can supply `../` path traversal sequences and delete arbitrary `.json` files reachable from the workspace, rather than only `data/storage/av/<id>.json`.\n\nThis is a real write/destructive authorization bug, not a `visible=false` listing issue.\n\n## Impact\n\nAn attacker with publish-reader access can delete arbitrary `.json` files under the workspace path reachable from `data/storage/av/` using traversal payloads.\n\nExamples of realistic targets:\n\n- `../local` -> `data/storage/local.json`\n- `../../storage/recent-doc` -> `data/storage/recent-doc.json`\n- `../../storage/outline` -> `data/storage/outline.json`\n- `../../storage/criteria` -> `data/storage/criteria.json`\n- `../../../conf/conf` -> `conf/conf.json`\n\nPractical impact includes:\n\n- persistent destruction of Attribute View definitions\n- deletion of global workspace configuration\n- deletion of local storage and outline state\n- corruption of user state that survives reload\n- forced reset/recovery flows or broken UI behavior\n\nEven if some files can be regenerated, this is still a publish-reader to persistent server-side delete primitive against workspace data.\n\n## Source to Sink\n\n### Source 1: publish service issues Reader-role JWTs\n\n`kernel/server/proxy/publish.go`\n\nThe publish reverse proxy forwards requests to the kernel and injects `X-Auth-Token`.\n\n### Source 2: publish accounts are Reader-role accounts\n\n`kernel/model/auth.go`\n\nPublish accounts are created with `RoleReader`.\n\n### Source 3: generic auth accepts Reader role\n\n`kernel/model/session.go`\n\n`CheckAuth` allows:\n\n- `RoleAdministrator`\n- `RoleEditor`\n- `RoleReader`\n\n### Source 4: dangerous route is only guarded by `CheckAuth`\n\n[`kernel/api/router.go#L507`](/root/audit/siyuan/kernel/api/router.go#L507)\n\n```go\nginServer.Handle(\"POST\", \"/api/av/removeUnusedAttributeView\", model.CheckAuth, removeUnusedAttributeView)\n```\n\n### Source 5: attacker-controlled `id` is passed straight to model\n\n[`kernel/api/av.go#L32-L45`](/root/audit/siyuan/kernel/api/av.go#L32)\n\n```go\navID := arg[\"id\"].(string)\nmodel.RemoveUnusedAttributeView(avID)\n```\n\nThere is no:\n\n- `util.InvalidIDPattern(...)`\n- allowlist\n- normalization check\n- verification that the caller should modify this object\n\n### Sink: path traversal reaches filesystem delete\n\n[`kernel/model/attribute_view.go#L49-L76`](/root/audit/siyuan/kernel/model/attribute_view.go#L49)\n\n```go\nabsPath := filepath.Join(util.DataDir, \"storage\", \"av\", id+\".json\")\n...\nif err = filelock.RemoveWithoutFatal(absPath); err != nil {\n```\n\nBecause `id` is not validated, inputs like `../../../conf/conf` resolve outside `data/storage/av/`.\n\nExamples:\n\n```text\n../../../conf/conf              -> <workspace>/conf/conf.json\n../local                        -> <workspace>/data/storage/local.json\n../../storage/recent-doc        -> <workspace>/data/storage/recent-doc.json\n../../storage/outline           -> <workspace>/data/storage/outline.json\n../../storage/criteria          -> <workspace>/data/storage/criteria.json\n```\n\n## Proof of Concept\n\nPrerequisite:\n\n- publish service enabled\n- attacker has publish-reader access, or anonymous publish access if publish auth is disabled\n\nRequest:\n\n```http\nPOST /api/av/removeUnusedAttributeView HTTP/1.1\nHost: <publish-host>:6808\nContent-Type: application/json\n\n{\n  \"id\": \"../../../conf/conf\"\n}\n```\n\nExpected result:\n\n- request is accepted from publish context\n- backend resolves target to `<workspace>/conf/conf.json`\n- target file is removed\n\nSafer validation targets for testing:\n\n```json\n{\"id\":\"../local\"}\n{\"id\":\"../../storage/recent-doc\"}\n{\"id\":\"../../storage/outline\"}\n```\n\nThese demonstrate traversal without immediately targeting the main config file.\n\n\n## Root Cause\n\nTwo separate authorization/design failures combine here:\n\n1. publish Reader contexts are treated as fully authenticated for `CheckAuth` routes\n2. a destructive internal endpoint trusts raw `id` input as a filesystem path component\n\nEither issue would be dangerous; together they produce a high-impact delete primitive.\n\n## Remediation\n\n### 1. Lock the endpoint down properly\n\n`/api/av/removeUnusedAttributeView` should require:\n\n- `CheckAdminRole`\n- `CheckReadonly`\n\n### 2. Validate the identifier\n\nReject anything that is not a valid AV/node ID. For example, enforce `util.InvalidIDPattern(...)` or an equivalent strict allowlist.\n\n### 3. Enforce subpath safety\n\nAfter path construction, verify the resolved path remains under the intended directory:\n\n```go\nbase := filepath.Join(util.DataDir, \"storage\", \"av\")\nabsPath := filepath.Join(base, id+\".json\")\nif !util.IsSubPath(base, absPath) {\n    return error\n}\n```\n\n### 4. Actually verify \"unused\"\n\nBefore deletion, confirm that the requested AV is in the computed unused set. The current single-delete API does not do that at all.\n\n### 5. Add regression tests\n\nAdd negative tests proving a publish-reader context cannot:\n\n- call this endpoint successfully\n- delete a valid AV directly\n- pass traversal strings such as `../local`\n- escape `data/storage/av/`\n\n## Key References\n\n- Route exposure: [`kernel/api/router.go#L507`](/root/audit/siyuan/kernel/api/router.go#L507)\n- Handler: [`kernel/api/av.go#L32`](/root/audit/siyuan/kernel/api/av.go#L32)\n- Delete sink: [`kernel/model/attribute_view.go#L49`](/root/audit/siyuan/kernel/model/attribute_view.go#L49)\n- Publish proxy token forwarding: [`kernel/server/proxy/publish.go`](/root/audit/siyuan/kernel/server/proxy/publish.go)\n- Reader JWT issuance: [`kernel/model/auth.go`](/root/audit/siyuan/kernel/model/auth.go)\n- `CheckAuth` accepting `RoleReader`: [`kernel/model/session.go#L201`](/root/audit/siyuan/kernel/model/session.go#L201)",
+  "details": "## Summary\n\nThe endpoint `/api/av/removeUnusedAttributeView` is vulnerable to a **path traversal (CWE-22)** that allows an attacker to delete arbitrary `.json` files on the server.\n\nThe issue arises because user-controlled input (`id`) is directly used in filesystem path construction without validation or restriction.\n\n> Access to this endpoint (e.g., via a Reader-role or publish context) is considered a precondition and not part of the vulnerability. The root cause is unsafe path handling.\n\n---\n\n## Steps To Reproduce\n\n1. Ensure the target instance has the publish service enabled (or any valid access to the endpoint).\n2. Send the following request:\n\n```http\nPOST /api/av/removeUnusedAttributeView HTTP/1.1\nHost: <target>\nContent-Type: application/json\n\n{\n  \"id\": \"../../../conf/conf\"\n}\n```\n\n3. Observe that the request is accepted.\n4. The server resolves the path outside the intended directory and deletes the target file.\n\n---\n\n## Impact\n\nAn attacker can delete arbitrary `.json` files within the workspace directory.\n\nThis may lead to:\n\n* Deletion of global configuration files (e.g., `conf/conf.json`)\n* Loss of user data and application state\n* Corruption of workspace metadata\n* Persistent application instability or forced recovery\n\nThis represents a **server-side arbitrary file deletion primitive**, which can have severe impact depending on the targeted files.\n\n---\n\n## Technical Details\n\nThe vulnerable code constructs file paths as follows:\n\n```go\nfilepath.Join(util.DataDir, \"storage\", \"av\", id+\".json\")\n```\n\nBecause `id` is not validated, attackers can inject path traversal sequences such as `../` to escape the intended directory.\n\n### Example payloads\n\n* `../local` → `data/storage/local.json`\n* `../../storage/outline` → `data/storage/outline.json`\n* `../../../conf/conf` → `conf/conf.json`\n\nNo validation or restriction is applied to:\n\n* input format\n* path normalization\n* directory boundaries\n\n---\n\n## Root Cause\n\n* Untrusted user input (`id`) is directly used in filesystem path construction\n* No input validation or sanitization\n* No enforcement that the resolved path stays within the intended directory\n\n---\n\n## Remediation\n\n1. **Validate input strictly**\n\n   * Only allow valid Attribute View IDs\n   * Reject any input containing path traversal sequences\n\n2. **Enforce directory boundaries**\n\n```go\nbase := filepath.Join(util.DataDir, \"storage\", \"av\")\nabsPath := filepath.Join(base, id+\".json\")\n\nif !util.IsSubPath(base, absPath) {\n    return error\n}\n```\n\n3. **Normalize paths before use**\n\n   * Ensure canonical paths cannot escape the base directory\n\n4. **Add additional logical checks**\n\n   * Verify that the target object is valid and allowed to be deleted\n\n---",
   "severity": [
     {
       "type": "CVSS_V3",