Skip to content

Custom REST endpoints lack user permissions

Moderate
dkotter published GHSA-fxxq-j2vx-j99r Apr 5, 2023

Package

composer 10up/classifai (Composer)

Affected versions

<= 1.8.1

Patched versions

2.0.0

Description

Summary

The custom REST endpoints that are used by the Azure ComputerVision provider do not run any sort of user permission checking, allowing these endpoints to be called by anyone.

Details

There are 5 custom REST endpoints that are used by the Azure ComputerVision provider within the Language Processing service. These endpoints run __return_true for their permission_callback (in essence not doing any sort of permission checking) and none of them run any sort of user permission checks within the main callback function.

Impacted endpoints:

classifai/includes/Classifai/Services/ImageProcessing.php

Lines 130 to 183 in edecbb2

register_rest_route(
'classifai/v1',
'alt-tags/(?P<id>\d+)',
[
'methods' => 'GET',
'callback' => [ $this, 'provider_endpoint_callback' ],
'args' => [ 'route' => [ 'alt-tags' ] ],
'permission_callback' => '__return_true',
]
);
register_rest_route(
'classifai/v1',
'image-tags/(?P<id>\d+)',
[
'methods' => 'GET',
'callback' => [ $this, 'provider_endpoint_callback' ],
'args' => [ 'route' => [ 'image-tags' ] ],
'permission_callback' => '__return_true',
]
);
register_rest_route(
'classifai/v1',
'ocr/(?P<id>\d+)',
[
'methods' => 'GET',
'callback' => [ $this, 'provider_endpoint_callback' ],
'args' => [ 'route' => [ 'ocr' ] ],
'permission_callback' => '__return_true',
]
);
register_rest_route(
'classifai/v1',
'smart-crop/(?P<id>\d+)',
[
'methods' => 'GET',
'callback' => [ $this, 'provider_endpoint_callback' ],
'args' => [ 'route' => [ 'smart-crop' ] ],
'permission_callback' => '__return_true',
]
);
register_rest_route(
'classifai/v1',
'read-pdf/(?P<id>\d+)',
[
'methods' => 'GET',
'callback' => [ $this, 'provider_endpoint_callback' ],
'args' => [ 'route' => [ 'read-pdf' ] ],
'permission_callback' => '__return_true',
]
);

Because there's no permission checking, this means that once you have proper authentication setup for ComputerVision and one or more features are turned on, anyone can hit the endpoints for those features, passing in a valid attachment ID, and have functionality run (like generating alt text or tagging images).

PoC

Configuration

  1. Set up a ClassifAI site from scratch (WP + the plugin only)
  2. Add a new image or PDF (depending on which feature you want to test) to the Media Library, making note of the attachment ID
  3. Go to the Image Processing > Microsoft Azure settings page (/wp-admin/admin.php?page=image_processing)
  4. Add in a valid Endpoint URL and API Key and turn on one or more features then hit Save Changes

PoC using attachment ID from above

  1. Find the endpoint that corresponds to the feature you turned on:
    • /wp-json/classifai/v1/alt-tags/ATTACHMENT_ID for the Generate descriptive text feature
    • /wp-json/classifai/v1/image-tags/ATTACHMENT_ID for the Tag images feature
    • /wp-json/classifai/v1/smart-crop/ATTACHMENT_ID for the Enable smart cropping feature
    • /wp-json/classifai/v1/ocr/ATTACHMENT_ID for the Scan images for text feature
    • /wp-json/classifai/v1/read-pdf/ATTACHMENT_ID for the Enable scanning PDF feature (ensure you uploaded a PDF to test this)
  2. Run a curl request to this endpoint, replacing ATTACHMENT_ID with a valid ID (note if running locally, you'll need to ensure your site has a publicly accessible URL for these functions to work)
  3. Observe the result that gets printed, which we would hope to be an error message but currently isn't
  4. Go back to the WordPress admin, find the media item you had uploaded and observe that whatever action you ran, information is now in place (for instance, alt text is filled out or image tags have been added)

Impact

Non-authorized users can trigger requests to the ComputerVision API, which in turn will modify content.

The actions that can be taken are:

  • alt text added to images. This may be stored in the alt text field, caption field and/or description field, based on settings in the admin. Will overwrite any existing alt text that may be in place
  • Tags added to an image
  • Image may be cropped
  • Text found within an image will be stored in the image description field, overwriting what is there
  • Text found within a PDF will be stored in the PDF description field, overwriting what is there

Important to note that users can't choose what content gets saved, that comes from the API endpoints we hit. But they can trigger those actions to happen, adding in content you may not want, overwriting existing content and increasing number of requests that go to the API

See also

Severity

Moderate

CVSS overall score

This score calculates overall vulnerability severity from 0 to 10 and is based on the Common Vulnerability Scoring System (CVSS).
/ 10

CVSS v3 base metrics

Attack vector
Network
Attack complexity
Low
Privileges required
None
User interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

CVSS v3 base metrics

Attack vector: More severe the more the remote (logically and physically) an attacker can be in order to exploit the vulnerability.
Attack complexity: More severe for the least complex attacks.
Privileges required: More severe if no privileges are required.
User interaction: More severe when no user interaction is required.
Scope: More severe when a scope change occurs, e.g. one vulnerable component impacts resources in components beyond its security scope.
Confidentiality: More severe when loss of data confidentiality is highest, measuring the level of data access available to an unauthorized user.
Integrity: More severe when loss of data integrity is the highest, measuring the consequence of data modification possible by an unauthorized user.
Availability: More severe when the loss of impacted component availability is highest.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CVE ID

No known CVE

Weaknesses

No CWEs

Credits