Description

spring-boot-actuator-logview is a library that exposes a log file directory via admin (spring boot actuator) HTTP endpoints. Both the filename to view and a base folder (relative to the logging folder root) can be specified via request parameters. While the filename parameter was checked to prevent directory traversal exploits (so that filename=../somefile would not work), the base folder parameter was not sufficiently checked, so that filename=somefile&base=../ could access a file outside the logging base directory).

Remediation

The vulnerability has been patched in release 0.2.13. Any users of 0.2.12 should be able to update without any issues as there are no other changes in that release.

References

Directory Traversal

Related Vulnerabilities

WordPress Plugin Aspose PDF Exporter Arbitrary File Download (1.0)

WordPress Plugin Ajax Store Locator Directory Traversal (1.2.0)

WordPress Plugin WP AmASIN-The Amazon Affiliate Shop Directory Traversal (0.9.6)

WordPress Plugin Floating Tweets Multiple Vulnerabilities (1.0.1)

WordPress Plugin Vmax Project Manager Local File Inclusion (1.1)

Severity

High

Classification

CVE-2021-21234 CWE-22 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Directory Traversal