Impact
This vulnerability could allow a malicious user to access documentation files from any project given its slug, regardless of user permissions. This was possible using a crafted URL that can bypass our path traversal protections.
Users of https://readthedocs.org/ and https://readthedocs.com/ do not need to take any further action; we have taken measures to ensure that the security issue is now fully fixed.
This issue was discovered by a member of our team, and we have seen no signs that this vulnerability was exploited. This issue also required knowing the domain and path of the file that an attacker wanted to read, and didn't allow access to any files outside of our S3 bucket that stores documentation.
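The advisory does not describe the specific crafted URL, so the following is a generic illustration added here and not Read the Docs' own code: a weak traversal check that inspects the still-encoded URL path before decoding, next to a hardened version that decodes exactly once, normalizes the joined object key, and only then confirms the key is still under the project's prefix. The bucket layout `html/<project-slug>/<version>/<file>`, the constant `DOCS_PREFIX`, and the functions `naive_doc_key` and `safe_doc_key` are assumptions for the example; it also assumes `raw_path` is the percent-encoded path as received, with nothing upstream having decoded it already.

```python
import posixpath
from urllib.parse import unquote

# Hypothetical bucket layout for the example: <DOCS_PREFIX>/<project-slug>/<version>/<file>
DOCS_PREFIX = "html"


def naive_doc_key(project_slug: str, version: str, raw_path: str):
    """Weak check (illustrative only): look for '..' in the still-encoded path, then decode.

    '%2e%2e/' passes the substring check and decodes to '../', so the key that is
    built afterwards carries a traversal that any normalising proxy or client applies.
    """
    if ".." in raw_path:
        return None
    decoded = unquote(raw_path)
    return f"{DOCS_PREFIX}/{project_slug}/{version}/{decoded}"


def safe_doc_key(project_slug: str, version: str, raw_path: str):
    """Return the object key for raw_path inside the project's prefix, or None.

    Decode exactly once (assumes raw_path has not been decoded upstream; decoding
    in a loop would turn '%252e%252e' into '..'), reject NUL and backslashes, resolve
    '.' and '..' on the joined key, and finally check that the result still lies
    inside the project prefix. The prefix check is the actual boundary; the earlier
    rejects only fail fast on input that can never be a valid documentation file.
    """
    decoded = unquote(raw_path)
    if "\x00" in decoded or "\\" in decoded:
        return None
    base = f"{DOCS_PREFIX}/{project_slug}/{version}"
    candidate = posixpath.normpath(posixpath.join(base, decoded.lstrip("/")))
    # A directory request (empty path, '.', or trailing slash) maps to its index page.
    if candidate == base or decoded == "" or decoded.endswith("/"):
        candidate = posixpath.join(candidate, "index.html")
    # 'base + "/"' also stops a sibling prefix such as 'html/proj-other' from matching.
    if not candidate.startswith(base + "/"):
        return None
    return candidate


if __name__ == "__main__":
    # Constructed sample requests: a legitimate file and an encoded traversal attempt.
    for path in ("guide/index.html", "%2e%2e/%2e%2e/other/latest/index.html"):
        print(repr(path), "naive ->", naive_doc_key("proj", "latest", path))
        print(repr(path), "safe  ->", safe_doc_key("proj", "latest", path))
```

The important property of `safe_doc_key` is that it does not try to enumerate bad patterns; it computes the key the storage layer would actually use and checks that key against the allowed prefix, so an encoding trick that slips past a pattern check still ends up rejected. It also assumes `project_slug` and `version` have already been validated by the caller to contain no path separators.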
Custom installations
We don't officially support custom installations of Read the Docs, but if you are using a custom installation, we recommend that you upgrade.
Patches
This vulnerability has been patched in our 9.4.0 release.
References
For more information
If you have any questions or comments about this advisory, email us at security@readthedocs.org (PGP)