Relative Path Traversal in misp/misp-maltego


Reported on

Oct 29th 2021


A misconfiguration of nginx leads to a path traversal vulnerability.

Proof of Concept

A request to /munin../ can get any file under /var/cache/munin/


An attacker can access files on the web server to which they should not have access.


POC request: /munin../
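A config check for the misconfiguration described in this report, as an added example that is not part of the original report or the project's code. The sample nginx blocks are constructed (the project's nginx.conf is not shown on the page) and assume the common pattern of a prefix `location` without a trailing slash paired with an `alias` that ends in one; `resolve_alias` is a simplified model of nginx's alias substitution.

```python
import posixpath
import re

# Constructed sample config (assumption: the project's real nginx.conf is not
# shown on the page). The first block is off by one slash, the second is not.
SAMPLE_CONF = """
server {
    location /munin {
        alias /var/cache/munin/www/;
    }
    location /static/ {
        alias /srv/app/static/;
    }
}
"""

# Prefix locations only; regex (~) and exact (=) locations are skipped.
LOCATION_ALIAS = re.compile(
    r"location\s+(?:\^~\s+)?(/[^\s{]*)\s*\{[^{}]*?\balias\s+([^;\s]+)\s*;", re.S)

def find_off_by_slash(conf):
    """Return (location, alias) pairs where the location prefix lacks the
    trailing slash that its alias directory has."""
    return [(loc, alias) for loc, alias in LOCATION_ALIAS.findall(conf)
            if not loc.endswith("/") and alias.endswith("/")]

def resolve_alias(location, alias, uri):
    """Model the alias mapping: the matched location prefix is replaced by
    the alias string, then '..' segments are resolved as the filesystem
    would. Returns None when the URI does not match the location."""
    if not uri.startswith(location):
        return None
    return posixpath.normpath(alias + uri[len(location):])

def escapes_alias(location, alias, uri):
    """True when the mapped path lands outside the alias directory."""
    resolved = resolve_alias(location, alias, uri)
    root = posixpath.normpath(alias)
    return (resolved is not None and resolved != root
            and not resolved.startswith(root + "/"))
```

With `location /munin/` (trailing slash added, one common correction and not necessarily the project's own fix), the request `/munin../` no longer matches the block, so the alias is never applied to it.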

We created a GitHub Issue asking the maintainers to create a a month ago
We have contacted a member of the misp/misp-maltego team and are waiting to hear back 24 days ago
Ziding Zhang
24 days ago


Hey Dig2, I've just emailed the maintainers for you.

misp/misp-maltego maintainer
23 days ago


Files in /var/cache/munin can indeed be downloaded due to this misconfiguration. However, as this folder is empty, the impact is zero. I've corrected the issue in the following commit:

So thank you for the scrutiny and feedback.

misp/misp-maltego maintainer validated this vulnerability 23 days ago
Dig2 has been awarded the disclosure bounty
The fix bounty is now up for grabs
misp/misp-maltego maintainer confirmed that a fix has been merged on fce86f 23 days ago
The fix bounty has been dropped
nginx.conf#L24 has been validated
22 days ago

good report