Path Traversal in rhizome-conifer/conifer

Valid

Reported on Oct 29th 2021


Description

Misconfigurations of nginx lead to a path traversal vulnerability.

Proof of Concept

An attacker can access files like this:

https://conifer.rhizome.org/static/app../admin.py

https://conifer.rhizome.org/static/app../config/wr.yaml

Impact

An attacker can access files on the web server to which they should not have access.
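The `app../` segment in the URLs above is the shape associated with the nginx `alias` off-by-slash pattern: a prefix `location` without a trailing slash paired with an `alias` that has one. The following check for that pattern is an added example, not code from the report or from the conifer project. The report does not show conifer's nginx configuration, so the sample config, the `/code/static/...` paths and all function names are assumptions constructed for illustration.

```python
import posixpath
import re

# Constructed sample config (NOT conifer's actual nginx.conf; paths are assumed).
SAMPLE_CONF = """
server {
    location /static/app {
        alias /code/static/app/;
    }
    location /static/img/ {
        alias /code/static/img/;
    }
}
"""

# Prefix locations only (plain or ^~); regex and exact-match locations are skipped.
LOCATION_RE = re.compile(
    r"location\s+(?:\^~\s+)?(/[^\s{]*)\s*\{([^{}]*)\}", re.S)
ALIAS_RE = re.compile(r"\balias\s+([^;\s]+)\s*;")


def find_off_by_slash(conf):
    """Return (prefix, alias) pairs where the location prefix lacks a trailing
    slash but its alias has one, so '<prefix>../' maps to the alias parent."""
    findings = []
    for prefix, body in LOCATION_RE.findall(conf):
        m = ALIAS_RE.search(body)
        if m and not prefix.endswith("/") and m.group(1).endswith("/"):
            findings.append((prefix, m.group(1)))
    return findings


def resolve_alias(prefix, alias, uri):
    """Mimic nginx alias mapping: the matched prefix is replaced by the alias.
    Returns None when the URI does not match the prefix location."""
    if not uri.startswith(prefix):
        return None
    return posixpath.normpath(alias + uri[len(prefix):])


def escapes_alias(prefix, alias, uri):
    """True if the mapped file lies outside the aliased directory."""
    path = resolve_alias(prefix, alias, uri)
    root = posixpath.normpath(alias)
    return path is not None and path != root and not path.startswith(root + "/")
```

Writing the location as `/static/app/` so that both the prefix and the alias end in a slash makes the `app../` request stop matching that location, which the `escapes_alias` check reflects.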

We have contacted a member of the rhizome-conifer/conifer team and are waiting to hear back. (a month ago)
We have sent a follow up to the rhizome-conifer/conifer team. We will try again in 7 days. (a month ago)
We have sent a second follow up to the rhizome-conifer/conifer team. We will try again in 10 days. (a month ago)
rhizome-conifer/conifer maintainer validated this vulnerability. (22 days ago)
Dig2 has been awarded the disclosure bounty.
The fix bounty is now up for grabs.
rhizome-conifer/conifer maintainer confirmed that a fix has been merged on 2374ed. (22 days ago)
The fix bounty has been dropped.