Relative Path Traversal in misp/misp-maltego


Reported on

Oct 29th 2021


misconfigurations of nginx lead to a path traversal vulnerability.

Proof of Concept

Do a request to /munin../ can get any file under /var/cache/munin/


An attacker can access files on the web server to which they should not have access.


POC request: /munin../

We created a GitHub Issue asking the maintainers to create a a year ago
We have contacted a member of the misp/misp-maltego team and are waiting to hear back a year ago
a year ago


Hey Dig2, I've just emailed the maintainers for you.

misp/misp-maltego maintainer
a year ago

Files in /var/cache/munin can indeed be downloaded due to this misconfiguration. However as this folder is empty the impact is zero. I've corrected the issue in the following commit:

So thank you for the scrutiny and feedback.

misp/misp-maltego maintainer validated this vulnerability a year ago
pupu.eth has been awarded the disclosure bounty
The fix bounty is now up for grabs
misp/misp-maltego maintainer marked this as fixed with commit fce86f a year ago
The fix bounty has been dropped
This vulnerability will not receive a CVE
nginx.conf#L24 has been validated
a year ago

good report token=

to join this conversation