etcd-browser version 87ae63d75260 suffers from a directory traversal vulnerability.
8456b0b8489b8c480ad32f464fbe163fc1fe87e4a533e2f02fd020993cf98140An issue was discovered in server.js in etcd-browser 87ae63d75260. By
supplying a /../../../ Directory Traversal input to the URL's GET
request while connecting to the remote server port specified during
setup, an attacker can retrieve local operating system files from the
remote system.
------------------------------------------
[Vulnerability Type]
Directory Traversal
------------------------------------------
[Vendor of Product]
https://hub.docker.com/r/buddho/etcd-browser
------------------------------------------
[Affected Product Code Base]
etcd-browser - Unknown
------------------------------------------
[Affected Component]
the server.js file does not validate the path for files.
------------------------------------------
[Attack Type]
Remote
------------------------------------------
[Impact Information Disclosure]
true
------------------------------------------
[CVE Impact Other]
Allow for a remote arbitrary user to obtain local operating system files
------------------------------------------
[Attack Vectors]
The attacker must supply a /../../ technique to the server application
running on the remote port specified during setup
------------------------------------------
[Reference]
https://hub.docker.com/r/buddho/etcd-browser
https://hub.docker.com/r/buddho/etcd-browser/tags
------------------------------------------
[Discoverer]
Kevin Randall
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed