Relative Path Traversal in misp/misp-maltego

Valid

Reported on

Oct 29th 2021

Description

misconfigurations of nginx lead to a path traversal vulnerability.

Proof of Concept

Do a request to /munin../ can get any file under /var/cache/munin/

Impact

An attacker can access files on the web server to which they should not have access.

Occurrences

POC request: /munin../

We created a GitHub Issue asking the maintainers to create a SECURITY.md a year ago
We have contacted a member of the misp/misp-maltego team and are waiting to hear back a year ago
Z-Old
a year ago

Admin

Hey Dig2, I've just emailed the maintainers for you.

misp/misp-maltego maintainer
a year ago

Files in /var/cache/munin can indeed be downloaded due to this misconfiguration. However as this folder is empty the impact is zero. I've corrected the issue in the following commit: https://github.com/MISP/MISP-maltego/commit/fce86f7a937cc03794b1fc7e94c630eb65087d9b

So thank you for the scrutiny and feedback.

misp/misp-maltego maintainer validated this vulnerability a year ago
pupu.eth has been awarded the disclosure bounty
The fix bounty is now up for grabs
misp/misp-maltego maintainer marked this as fixed with commit fce86f a year ago
The fix bounty has been dropped
This vulnerability will not receive a CVE
nginx.conf#L24 has been validated
ranjit-git
a year ago

good report token=

to join this conversation