Path Traversal
Discription

gravitee-gateway-core is vulnerable to path traversal. The vulnerability exists due to the lack of dynamic routing checks in the `selectUserDefinedEndpoint` function of `TargetEndpointResolver.java`, allowing an attacker to read arbitrary files outside the expected directory via a `/management/users/register` request.Read More

References

https://github.com/gravitee-io/gravitee-api-management/commit/d5a8e52654a849a2cf42946326075805b3590157https://medium.com/@maxime.escourbiac/write-up-of-path-traversal-on-gravitee-io-8835941be69fhttps://github.com/gravitee-io/issues/issues/2243https://github.com/gravitee-io/gravitee-api-management/pull/409https://github.com/gravitee-io/gravitee-api-management

6.1 Medium

CVSS3

  • Attack Vector
  • Attack Complexity
  • Privileges Required
  • User Interaction
  • Scope
  • Confidentiality Impact
  • Integrity Impact
  • Availability Impact
  • Network
  • Low
  • None
  • Required
  • Changed
  • Low
  • Low
  • None

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Back to Main
Subscribe for the latest news: