CVE-2021-21234: Directory Traversal in spring-boot-actuator-logview

CVSS 3.1 Score: 7.7

Basic Information

- EPSS Score: 0.99739%
- Published: 1/5/2021
- Updated: 2/1/2023
- KEV Status: No
- Technology: Java

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| eu.hinsch:spring-boot-actuator-logview | maven | < 0.2.13 | 0.2.13 |

Vulnerability Intelligence

Root Cause Analysis (Miggo AI)

The vulnerability stemmed from insufficient validation of the 'base' parameter in path construction. The pre-patch securityCheck method only checked for ".." in filenames but didn't properly validate the resolved path when combined with the base parameter. The list() and view() methods passed untrusted input to securityCheck before proper path resolution, enabling traversal via base parameter manipulation. The commit diff shows the fix moved securityCheck to operate on the resolved Path object and used canonical path validation.
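As an added illustration (not code from the spring-boot-actuator-logview project), the contrast the root-cause analysis describes: a filename-only ".." screen next to a check that first resolves base and filename against the canonical log root and only then decides. The class and method names are assumptions, and the log directory is a constructed temporary directory.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

// Hypothetical names; this is an added example, not the library's securityCheck.
public class LogViewGuard {

    // The pre-patch pattern: only the filename is screened for "..",
    // so a base folder such as "../../" is never examined.
    static boolean weakCheck(String filename) {
        return !filename.contains("..");
    }

    // Hardened variant: build the full path from base and filename, normalise
    // it, canonicalise it, and require that it stays under the log root.
    static Path resolveWithinRoot(Path logRoot, String base, String filename) throws IOException {
        Path root = logRoot.toRealPath();                          // canonical root
        Path candidate = root.resolve(base).resolve(filename).normalize();
        if (!candidate.startsWith(root)) {
            throw new SecurityException("path escapes log root: " + candidate);
        }
        // toRealPath follows symlinks inside the tree; re-check the real location.
        Path real = candidate.toRealPath();
        if (!real.startsWith(root)) {
            throw new SecurityException("symlink escapes log root: " + real);
        }
        return real;
    }

    public static void main(String[] args) throws IOException {
        // Constructed log root with one sample file.
        Path root = Files.createTempDirectory("logview-demo");
        Files.writeString(root.resolve("app.log"), "constructed sample log line\n");

        // Legitimate request: empty base, filename "app.log".
        System.out.println("ok: " + resolveWithinRoot(root, "", "app.log"));

        // The filename-only screen is satisfied because "passwd" contains no ".."...
        System.out.println("weakCheck(\"passwd\") = " + weakCheck("passwd"));
        // ...while the resolved-path check rejects the traversal carried in base.
        try {
            resolveWithinRoot(root, "../../../etc", "passwd");
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The second call fails at the `startsWith(root)` test before any file is touched, which is the property a request-parameter check must have regardless of which parameter carries the traversal.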


WAF Protection Rules

WAF Rule

### Impact

The nature of this library is to expose a log file directory via admin (spring boot actuator) HTTP endpoints. Both the filename to view and a base folder (relative to the logging folder root) can be specified via request parameters. While
