Fireshare is a self-hosted media and link sharing application. In version 1.5.1, a path traversal vulnerability (CWE-22) exists in the chunked upload endpoint, which is responsible for handling multipart file uploads. The vulnerability stems from the unsafe use of the 'checkSum' multipart field directly in constructing filesystem paths without any sanitization or validation to restrict the pathname within the intended upload directory. This improper limitation allows an authenticated attacker to craft a specially formed request that writes files to arbitrary locations on the server's filesystem where the Fireshare process has write permissions, such as container /tmp directories or other writable paths. This breaks the integrity of the system by enabling unauthorized file writes, potentially allowing attackers to place malicious files, overwrite critical files, or prepare for privilege escalation or remote code execution depending on the environment. The vulnerability requires authentication but no additional user interaction. The CVSS 3.1 base score is 7.1, reflecting network attack vector, low attack complexity, privileges required, no user interaction, unchanged scope, no confidentiality impact, high integrity impact, and low availability impact. The vendor fixed this issue in version 1.5.2. No known exploits in the wild have been reported yet, but the vulnerability poses a significant risk to deployments of affected versions.

The primary impact of this vulnerability is the violation of system integrity through unauthorized file writes outside the designated upload directory. Attackers can leverage this to place malicious payloads, overwrite configuration or executable files, or manipulate application behavior. This can lead to further compromise such as remote code execution, privilege escalation, or persistent backdoors depending on the deployment context and file system permissions. Availability impact is low but possible if critical files are overwritten. Confidentiality is not directly impacted by this vulnerability. Organizations running Fireshare 1.5.1 or earlier in production environments, especially those exposed to authenticated users or untrusted internal users, face significant risk. Containerized deployments or environments with loosely configured filesystem permissions are particularly vulnerable. The lack of known exploits suggests limited current exploitation, but the ease of exploitation with low complexity and network access means attackers could develop exploits rapidly once the vulnerability is public.

1. Immediate upgrade to Fireshare version 1.5.2 or later, where the vulnerability is patched. 2. Implement strict input validation and sanitization on all multipart fields, especially those used in filesystem path construction, to enforce containment within intended directories. 3. Employ filesystem permissions and container security best practices to minimize writable paths accessible by the Fireshare process, limiting the impact of potential path traversal. 4. Use application-level access controls to restrict upload functionality to trusted users only. 5. Monitor logs for unusual file write activities or unexpected file creations outside upload directories. 6. Consider deploying runtime application self-protection (RASP) or host-based intrusion detection systems (HIDS) to detect anomalous filesystem operations. 7. Conduct regular security audits and penetration testing focused on file upload components. 8. If immediate upgrade is not feasible, restrict network access to the Fireshare upload endpoint and enforce strong authentication and session management controls.