SysmonElixir Path Traversal Vulnerability in Read Endpoint Allows Arbitrary File Read

Vulnerability

A path traversal vulnerability has been identified in SysmonElixir, a system monitor HTTP service written in Elixir. Versions through 1.0.0 are affected: the /read endpoint reads and returns whatever file path it is given, defaulting to /etc/passwd when no file is specified, and performs no check that the path stays inside the intended directory, so any file readable by the service process can be retrieved. Version 1.0.1 addresses the issue with a whitelist that restricts reads to files located under priv/data.
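The vulnerable pattern beside a hardened handler that enforces a priv/data allowlist, written here as an added illustration in Elixir; it is not taken from SysmonElixir's code base. The query-parameter name "file", the shape of the params map and the base-directory argument are assumptions, and the patched project's real implementation may differ.

```elixir
# Added illustration of the vulnerable pattern and a hardened replacement.
# This is NOT SysmonElixir's code: the parameter name "file", the params map
# shape and the location of the data directory are assumptions.
defmodule ReadEndpointExample do
  @moduledoc """
  `read_unsafe/1` mirrors the pre-1.0.1 behaviour described in the advisory:
  the requested path is handed straight to File.read/1 and defaults to
  /etc/passwd. `read_safe/2` confines reads to an allowlist of regular files
  directly under a base directory (priv/data in the patched release).
  """

  # Vulnerable: no validation, so "../../etc/shadow" or an absolute path
  # escapes whatever directory the author intended.
  def read_unsafe(params) do
    params
    |> Map.get("file", "/etc/passwd")
    |> File.read()
  end

  # Hardened: a requested name is accepted only if it (1) is present,
  # (2) lexically resolves inside `base_dir`, (3) is one of the entries the
  # directory actually contains, and (4) is a regular file, not a symlink.
  def read_safe(params, base_dir) do
    base = Path.expand(base_dir)

    with {:ok, name} <- Map.fetch(params, "file"),
         full = Path.expand(name, base),
         # Prefix check with a trailing "/" so "priv/data2" cannot pass
         # as "priv/data".
         true <- String.starts_with?(full, base <> "/"),
         {:ok, entries} <- File.ls(base),
         # Allowlist: only direct children of base_dir are served; nested
         # paths such as "sub/x" are not in the listing and are rejected.
         true <- Path.relative_to(full, base) in entries,
         # lstat does not follow symlinks, so a link planted inside priv/data
         # that points at /etc/passwd is refused rather than dereferenced.
         {:ok, %File.Stat{type: :regular}} <- File.lstat(full) do
      File.read(full)
    else
      :error -> {:error, :missing_file_param}
      false -> {:error, :forbidden}
      {:ok, %File.Stat{}} -> {:error, :forbidden}
      {:error, reason} -> {:error, reason}
    end
  end

  # Self-contained demo using a constructed data directory under the
  # system temp dir (stands in for priv/data).
  def demo do
    dir = Path.join(System.tmp_dir!(), "read_endpoint_example")
    File.mkdir_p!(dir)
    File.write!(Path.join(dir, "cpu.txt"), "cpu: 12%\n")

    IO.inspect(read_safe(%{"file" => "cpu.txt"}, dir), label: "allowed")
    IO.inspect(read_safe(%{"file" => "../../etc/passwd"}, dir), label: "traversal")
    IO.inspect(read_safe(%{"file" => "/etc/passwd"}, dir), label: "absolute")
    IO.inspect(read_safe(%{}, dir), label: "no parameter")
  end
end

ReadEndpointExample.demo()
```

Run it with `elixir read_example.exs`; the first call returns `{:ok, "cpu: 12%\n"}`, the traversal and absolute-path calls return `{:error, :forbidden}`, and the missing-parameter call returns `{:error, :missing_file_param}` instead of falling back to /etc/passwd. The check deliberately combines three gates: a lexical prefix test alone still lets a symlink placed inside priv/data point outside it, and a directory listing alone does not stop `..` segments. Elixir 1.14 and later also provide Path.safe_relative/1 for the lexical part of this check.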

Impact

Exploitation of this vulnerability allows arbitrary file reads on the server with the privileges of the service process. The impact on confidentiality is high, since any sensitive file reachable from the host filesystem by that process can be disclosed.

Reproduction

To reproduce this vulnerability, send a request to the /read endpoint without specifying a file parameter; the server responds with the contents of /etc/passwd, the endpoint's default target. Supplying a file parameter that points elsewhere on the filesystem returns that file instead. This behaviour is present in SysmonElixir versions prior to 1.0.1.

Remediation

Upgrade to SysmonElixir version 1.0.1 or later, where the /read endpoint is restricted to files under priv/data.

Added: Jun 24, 2025, 3:50 AM
Updated: Jun 24, 2025, 3:50 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 3.3
exploitability: 8.4
remediation: 7.7
relevance: 0.2
threat: 4.8
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.