---
stage: Secure
group: Dynamic Analysis
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
---

# Improper limitation of a pathname to a restricted directory (Path traversal)

## Description

This vulnerability is exploited by inserting a path traversal payload into a
parameter of the URL endpoint, which allows arbitrary files to be read from the
server's filesystem. This could be used to read sensitive files, access other
users' data, or aid in further exploitation to gain additional system access.

## Remediation

User input should never be used in constructing paths or files for interacting
with the filesystem. This includes filenames supplied by user uploads or downloads.

If possible, consider hashing the filenames and reference the hashed filenames in
a database or datastore instead of directly attempting to access filenames provided
by users or other system components.

In the rare cases where the application must work with filenames, use the
language-provided functionality to extract only the filename part of the supplied
value. Never use the path or directory information that comes from user input.
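The remediation steps above (keep only the filename part of the supplied value and confine the result to the intended directory, or avoid user-supplied names entirely by storing uploads under a hash) as an added Ruby example. This is not GitLab's own code; the `/srv/uploads` directory and the helper names are assumptions.

```ruby
require "pathname"
require "digest"

# Vulnerable pattern: the user-supplied value is joined into the path as-is,
# so a value such as "../../etc/passwd" escapes the uploads directory.
def unsafe_path_for(base_dir, user_value)
  File.join(base_dir, user_value)
end

# Hardened pattern: keep only the filename part of the supplied value, then
# verify the resolved path still lies inside base_dir before any file access.
# Raises ArgumentError instead of ever returning a path outside base_dir.
def safe_path_for(base_dir, user_value)
  base = Pathname.new(base_dir).expand_path
  # File.basename drops every directory component from the supplied value.
  name = File.basename(user_value.to_s)
  # File.basename("..") is "..", so also reject dot-names, empty names and
  # anything still containing a separator (e.g. File.basename("/") is "/").
  if name.empty? || name.start_with?(".") || name.include?(File::SEPARATOR)
    raise ArgumentError, "invalid filename"
  end
  candidate = (base + name).expand_path
  # Defence in depth: the resolved path must start with the base directory.
  unless candidate.to_s.start_with?(base.to_s + File::SEPARATOR)
    raise ArgumentError, "path escapes #{base}"
  end
  candidate.to_s
end

# True when safe_path_for refuses the supplied value.
def rejected?(base_dir, user_value)
  safe_path_for(base_dir, user_value)
  false
rescue ArgumentError
  true
end

# Preferred option from the remediation text: do not use user-supplied names
# on the filesystem at all. Store the content under its hash and keep the
# original (basename-only) name in a datastore record alongside it.
def stored_name_for(original_filename, content)
  { stored_as: Digest::SHA256.hexdigest(content),
    original_name: File.basename(original_filename.to_s) }
end
```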

## Details

| ID | Aggregated | CWE | Type | Risk |
|:---|:--------|:--------|:--------|:--------|
| 22.1 | false | 22 | Active | high |

## Links

- [OWASP](https://owasp.org/www-community/attacks/Path_Traversal)
- [CWE](https://cwe.mitre.org/data/definitions/22.html)