Path Traversal in rhizome-conifer/conifer

Status: Valid

Reported on: Oct 29th 2021

Description

A misconfiguration of nginx leads to a path traversal vulnerability.

Proof of Concept

An attacker can read files outside the served static directory with URLs such as:

https://conifer.rhizome.org/static/app../admin.py

https://conifer.rhizome.org/static/app../config/wr.yaml

Impact

An attacker can access files on the web server to which they should not have access.
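The report does not quote the conifer nginx configuration, so as an added illustration (not code from the report or the project) the fragments below assume the classic "off-by-slash" alias shape that produces exactly the `/static/app../admin.py` request form shown above: a prefix `location` without a trailing slash paired with an `alias` that has one. The paths `/static/app` and `/app/static/` are constructed placeholders. The script lints a config for that shape and simulates how nginx maps a request path onto the filesystem, so a defender can confirm whether a given pair escapes its directory.

```python
import re
from posixpath import normpath

# Constructed nginx fragments (assumption: the real conifer config is not on the page).
VULNERABLE_CONF = """
location /static/app {
    alias /app/static/;
}
"""
# Giving the prefix a trailing slash means '/static/app..' no longer matches it.
FIXED_CONF = """
location /static/app/ {
    alias /app/static/;
}
"""

# Matches simple prefix locations of the form: location <prefix> { alias <path>; }
LOCATION_RE = re.compile(r'location\s+(\S+)\s*\{\s*alias\s+(\S+?);', re.S)


def parse_locations(conf):
    """Return (prefix, alias) pairs found in the config text."""
    return LOCATION_RE.findall(conf)


def resolve(prefix, alias, uri):
    """Mimic nginx alias handling: the matched prefix is replaced verbatim by
    the alias path, after which the OS collapses any '..' segments.
    Returns None when the location does not match the request at all."""
    if not uri.startswith(prefix):
        return None
    return normpath(alias + uri[len(prefix):])


def escapes(prefix, alias, uri):
    """True when the resolved path lies outside the alias directory."""
    resolved = resolve(prefix, alias, uri)
    if resolved is None:
        return False
    root = normpath(alias)
    return not (resolved == root or resolved.startswith(root + '/'))


def lint(conf):
    """Flag locations whose prefix lacks a trailing slash while the alias has one:
    the off-by-slash shape that lets '<prefix>..' become '<alias>/..'."""
    return [p for p, a in parse_locations(conf)
            if not p.endswith('/') and a.endswith('/')]
```

`lint(VULNERABLE_CONF)` reports `/static/app`, and `escapes('/static/app', '/app/static/', '/static/app../admin.py')` resolves to `/app/admin.py`; with the fixed prefix the same request no longer matches the location.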

Timeline

We have contacted a member of the rhizome-conifer/conifer team and are waiting to hear back (a year ago)
We have sent a follow up to the rhizome-conifer/conifer team. We will try again in 7 days. (a year ago)
We have sent a second follow up to the rhizome-conifer/conifer team. We will try again in 10 days. (a year ago)
rhizome-conifer/conifer maintainer validated this vulnerability (a year ago)
pupu.eth has been awarded the disclosure bounty
The fix bounty is now up for grabs
rhizome-conifer/conifer maintainer marked this as fixed with commit 2374ed (a year ago)
The fix bounty has been dropped
This vulnerability will not receive a CVE