Security: critical vulnurability in Voyager Compass #4322
Comments
|
We would appreciate security issues like this being brought to our attention in a more private fashion to give us the opportunity to resolve it quickly without making the attack vector public knowledge. This is common practice when exploits are discovered. We're looking into this now and will respond when reproduced. |
|
This was already discovered quite a while ago. |
|
I'm closing this since as said now Compass is switched off by default in production mode and also since v1.4.0 with #4856 uses |
|
This issue has been automatically locked since there has not been any recent activity after it was closed. If you have further questions please ask in our Slack group. |
Version information
Description
During pentesting some projects, i found critical vulnerability in Voyager Compass. This vulnerability can give to anyone, who has permission to use compass, power of download and delete every file in the system if the user has permission for this operation in the system. This means, bad guy can steal .env file of your application and sign his own new session and cookie with secret application key or just drop your database knowing username and password of the database.
How can you reproduce it?
[[Redacted]]
How to fix it
This vulnerability has a high criticality and a CVSS score estimate to 6,5. For fix it, i recommend check is the final directory of the path is directory, that existing in the logs directory.
The text was updated successfully, but these errors were encountered: