CVE-2021-32769

16.07.2021, 19:15

Micronaut is a JVM-based, full stack Java framework designed for building JVM applications. A path traversal vulnerability exists in versions prior to 2.5.9. With a basic configuration, it is possible to access any file from a filesystem, using "/../../" in the URL. This occurs because Micronaut does not restrict file access to configured paths. The vulnerability is patched in version 2.5.9. As a workaround, do not use `**` in mapping, use only `*`, which exposes only flat structure of a directory not allowing traversal. If using Linux, another workaround is to run micronaut in chroot.

Path Traversal

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
GitHub_M	CNA	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 61%

Vendor	Product	Version
objectcomputing	micronaut	𝑥 < 2.5.9

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References

https://github.com/micronaut-projects/micronaut-core/commit/a0cfeb13bf1ef5d692d16d4a3b91b34b7456bb11

https://github.com/micronaut-projects/micronaut-core/security/advisories/GHSA-cjx7-399x-p2rj

https://github.com/micronaut-projects/micronaut-core/commit/a0cfeb13bf1ef5d692d16d4a3b91b34b7456bb11

https://github.com/micronaut-projects/micronaut-core/security/advisories/GHSA-cjx7-399x-p2rj