6.5

CVSS Score

3.1

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-27577

CVE-2023-27577: Path Traversal Vulnerability in `LESS` Parser allows reading of sensitive server files

Impact

If an admin account has already been compromised by an attacker, the LESS parser can be exploited to read sensitive files on the server through the use of path traversal techniques.

An attacker can achieve this by providing an absolute path to a sensitive file in the custom LESS setting, which the LESS parser will then read. For example, an attacker could use the following code to read the contents of the /etc/passwd file:

@import (inline) '/etc/passwd';

.test {
  content: data-uri('/etc/passwd');
}

Patches

The vulnerability has been addressed in version 1.7. Users should upgrade to this version to mitigate the vulnerability.

Workarounds

Users can mitigate the vulnerability by ensuring that their admin accounts are secured with strong passwords and other best practices for account security. Additionally, users can limit the exposure of sensitive files on the server by implementing appropriate file permissions and access controls.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2023-27577

CVE-2023-27577:

6.5

CVSS Score

3.1

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
flarum/core	composer	< 1.7.0	1.7.0

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stemmed from unvalidated processing of custom LESS input. The patch added a preg_match check in ValidateCustomLess.php to block @import and data-uri patterns. The whenSettingsSaving method was responsible for processing this input but lacked these security checks in vulnerable versions, making it the entry point for malicious LESS code execution. The commit diff clearly shows this security validation was missing prior to v1.7.0.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

6.5

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2023-27577: Path Traversal Vulnerability in `LESS` Parser allows reading of sensitive server files

Impact

Patches

Workarounds

CVE-2023-27577:

6.5

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Technical Details

6.5

6.5

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Basic Information

Basic Information

CVE-2023-27577: Path Traversal Vulnerability in `LESS` Parser allows reading of sensitive server files

Impact

Patches

Workarounds

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI