CVE-2021-21234
Description
spring-boot-actuator-logview in a library that adds a simple logfile viewer as spring boot actuator endpoint. It is maven package "eu.hinsch:spring-boot-actuator-logview". In spring-boot-actuator-logview before version 0.2.13 there is a directory traversal vulnerability. The nature of this library is to expose a log file directory via admin (spring boot actuator) HTTP endpoints. Both the filename to view and a base folder (relative to the logging folder root) can be specified via request parameters. While the filename parameter was checked to prevent directory traversal exploits (so that filename\=../somefile would not work), the base folder parameter was not sufficiently checked, so that filename\=somefile&base\=../ could access a file outside the logging base directory). The vulnerability has been patched in release 0.2.13. Any users of 0.2.12 should be able to update without any issues as there are no other changes in that release. There is no workaround to fix the vulnerability other than updating or removing the dependency. However, removing read access of the user the application is run with to any directory not required for running the application can limit the impact. Additionally, access to the logview endpoint can be limited by deploying the application behind a reverse proxy.
Severity: HIGH
CVE ID: CVE-2021-21234
CVSS Score: 7.7
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Proof Of Concept
Nuclei Templates for CVE-2021-21234
Refrence: Project Discovery GitHub
PwCNO-CTO
Directory traversal vulnerability in the spring-boot-actuator-logview library
Refrence: GitHub
xiaojiangxl
Refrence: GitHub
Content on GitHub
AabyssZG | watchers:1274
SpringBoot-Scan
针对SpringBoot的开源渗透框架,以及Spring相关高危漏洞利用工具
Refrence: GitHub
sule01u | watchers:393
SBSCAN
SBSCAN是一款专注于spring框架的渗透测试工具,可以对指定站点进行springboot未授权扫描/敏感信息扫描以及进行spring框架漏洞扫描与验证的综合利用工具。 [SBSCAN is a penetration testing tool focused on the spring framework that can scan springboot sensitive information/unauthorized for specified sites and scan and validate spring related vulnerabilities]
Refrence: GitHub
CLincat | watchers:105
vulcat
vulcat可用于扫描Web端常见的CVE、CNVD等编号的漏洞,发现漏洞时会返回Payload信息。部分漏洞还支持命令行交互模式,可以持续利用漏洞
Refrence: GitHub