Relative Path Traversal in misp/misp-maltego

Valid

Reported on

Oct 29th 2021


Description

Misconfigurations of nginx lead to a path traversal vulnerability.

Proof of Concept

A request to /munin../ can get any file under /var/cache/munin/

Impact

An attacker can access files on the web server to which they should not have access.

Occurrences

POC request: /munin../
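
The report does not show the configuration itself. As an added example (not part of the original report or the project's code), this Python script flags a common nginx pattern that produces the behaviour described: a prefix `location` without a trailing slash paired with an `alias` that ends in one. The sample config and the alias path `/var/cache/munin/www/` are assumptions constructed for illustration.

```python
import posixpath
import re

# Constructed sample, not the project's nginx.conf. The alias path is an
# assumption chosen so that /munin../ resolves to /var/cache/munin/.
SAMPLE_CONF = """
server {
    location /munin {                  # no trailing slash on the prefix
        alias /var/cache/munin/www/;   # trailing slash on the alias
    }
    location /static/ {
        alias /srv/app/static/;
    }
    location = /favicon.ico {
        alias /srv/app/favicon.ico;
    }
}
"""

# Matches location blocks without nested braces (enough for simple configs).
LOCATION_RE = re.compile(r"location\s+(?:(=|~\*?|\^~)\s*)?(\S+)\s*\{([^{}]*)\}")
ALIAS_RE = re.compile(r"^\s*alias\s+([^;]+);", re.M)

def find_off_by_slash(conf_text):
    """Return (location, alias) pairs where a prefix location has no trailing
    slash but its alias does, so /prefix../ escapes one directory up."""
    text = re.sub(r"#[^\n]*", "", conf_text)  # strip comments
    findings = []
    for modifier, prefix, body in LOCATION_RE.findall(text):
        if modifier in ("=", "~", "~*"):
            continue  # exact and regex locations are not prefix matches
        match = ALIAS_RE.search(body)
        if match is None:
            continue
        alias = match.group(1).strip().strip("\"'")
        if not prefix.endswith("/") and alias.endswith("/"):
            findings.append((prefix, alias))
    return findings

def mapped_path(prefix, alias, uri):
    """Path nginx derives for a prefix location with alias: the matched
    prefix is replaced by the alias, then the OS resolves any '..'."""
    return posixpath.normpath(alias + uri[len(prefix):])

if __name__ == "__main__":
    for prefix, alias in find_off_by_slash(SAMPLE_CONF):
        print(prefix, alias, "->", mapped_path(prefix, alias, prefix + "../"))
```

Adding the trailing slash to the location (`location /munin/`) or removing it from the alias clears the finding.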

We created a GitHub Issue asking the maintainers to create a SECURITY.md a month ago
We have contacted a member of the misp/misp-maltego team and are waiting to hear back 24 days ago
Ziding Zhang
24 days ago

Admin


Hey Dig2, I've just emailed the maintainers for you.

misp/misp-maltego maintainer
23 days ago

Maintainer


Files in /var/cache/munin can indeed be downloaded due to this misconfiguration. However as this folder is empty the impact is zero. I've corrected the issue in the following commit: https://github.com/MISP/MISP-maltego/commit/fce86f7a937cc03794b1fc7e94c630eb65087d9b

So thank you for the scrutiny and feedback.

misp/misp-maltego maintainer validated this vulnerability 23 days ago
Dig2 has been awarded the disclosure bounty
The fix bounty is now up for grabs
misp/misp-maltego maintainer confirmed that a fix has been merged on fce86f 23 days ago
The fix bounty has been dropped
nginx.conf#L24 has been validated
ranjit-git
22 days ago

good report