White-Jotter Directory Traversal Vulnerability in Shiro Filter Allowing Unauthorized Access

A directory traversal vulnerability has been identified in the White-Jotter project, version 0.2.2, within the shiroFilter function of the ShiroConfiguration.java file. This vulnerability allows attackers to craft URLs that bypass authentication requirements, enabling access to sensitive endpoints. The issue arises from improper configuration of Apache Shiro, which is used for managing authentication and authorization in the Spring Boot backend of the application.

Impact

Exploitation of this vulnerability allows for unauthorized access to endpoints that should require authentication, potentially leading to unauthorized actions or data exposure.

Reproduction

To reproduce this vulnerability, first identify an endpoint that requires authentication, such as '/api/admin/content/article'. Attempt to access this endpoint without authentication; the request will be blocked by the Shiro filter, as expected. Next, try accessing the same endpoint using a crafted URL that includes directory traversal, such as '/api/aaa;/../admin/content/article'. This request will bypass the authentication filter and gain unauthorized access to the endpoint.