Path Traversal Leading to Remote Code Execution
Available publicly on Jun 15 2024
Threat Overview
The vulnerability arises from improper sanitization of the category input in the /set_personality_config endpoint. By exploiting this, an attacker can manipulate the file path to overwrite the configs/config.yaml file. This allows the attacker to change server configurations, enabling remote code execution through the /execute_code endpoint.
Attack Scenario
An attacker sends a crafted POST request to the /set_personality_config endpoint with an empty category and a manipulated name to overwrite the configs/config.yaml file. The attacker then restarts the service to apply the new configuration, which disables code validation and allows remote code execution. Finally, the attacker sends a POST request to the /execute_code endpoint to run arbitrary code on the server.
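A defensive check for the path construction described above, as an added example that is not code from the affected project. The function name, the personalities root directory and the <category>/<name>/config.yaml layout are assumptions made for illustration.

```python
from pathlib import Path
import re
import tempfile

# Assumption: category and name are each a single path component made of
# letters, digits, '_', '-' and '.', and may not start with a dot.
_COMPONENT = re.compile(r"[A-Za-z0-9_-][A-Za-z0-9_.-]*")


class UnsafePath(ValueError):
    """Raised when category/name would resolve outside the allowed root."""


def personality_config_path(root: Path, category: str, name: str) -> Path:
    """Build <root>/<category>/<name>/config.yaml or raise UnsafePath."""
    for label, value in (("category", category), ("name", name)):
        # Rejects empty strings, path separators and '.'/'..' components.
        if not isinstance(value, str) or not _COMPONENT.fullmatch(value) or ".." in value:
            raise UnsafePath(f"invalid {label}: {value!r}")
    root = root.resolve()
    candidate = (root / category / name / "config.yaml").resolve()
    # Defence in depth: a symlink inside root must not lead outside it.
    if not candidate.is_relative_to(root):
        raise UnsafePath(f"{candidate} escapes {root}")
    return candidate


def demo() -> dict:
    """Run constructed inputs through the check; maps input -> accepted."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "personalities"  # hypothetical storage root
        root.mkdir()
        cases = [
            ("generic", "assistant"),      # normal request
            ("", "assistant"),             # empty category, as in the advisory
            ("generic", "../../configs"),  # parent-directory steps in name
            ("generic", "/etc"),           # absolute path in name
        ]
        for category, name in cases:
            try:
                personality_config_path(root, category, name)
                results[(category, name)] = True
            except UnsafePath:
                results[(category, name)] = False
    return results


if __name__ == "__main__":
    for case, ok in demo().items():
        print(case, "accepted" if ok else "rejected")
```

Validating each component and then confirming containment after resolution covers both the empty-category case and a name that steps out of the storage directory.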
Who is affected
Users running version 9.4.0 of the software who expose the /set_personality_config endpoint are affected by this vulnerability.