Census CSWeb Path Traversal Vulnerability Allowing Arbitrary File Access

Vulnerability

A path traversal vulnerability has been identified in Census CSWeb version 8.0.1. It allows a remote, authenticated attacker to supply arbitrary file paths and potentially reach directories outside the intended one. The cause is file path input that is not sanitized, so directory traversal sequences such as '../' can be used to navigate outside of the intended directories. Exploitation could lead to the disclosure of sensitive files, including configuration files and secrets.

Impact

Exploitation of this vulnerability could result in unauthorized access to sensitive server-side files, such as configuration files that may contain secrets like the application secret.

Reproduction

The vulnerability can be reproduced by sending a request with an arbitrary file path input that includes traversal sequences, such as '../', to access files outside of the intended directory. This can be done by an authenticated user.

Remediation

Users can upgrade to Census CSWeb version 8.1.0 alpha to address this vulnerability.
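
The containment check that blocks this class of traversal, shown beside an unchecked join. This is an added example, not CSWeb's own code: the function names, the directory layout and the APP_SECRET value are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path


def naive_join(base_dir, user_path):
    """Unsafe pattern: join and normalise, with no containment check."""
    return Path(os.path.normpath(os.path.join(base_dir, user_path)))


def resolve_inside(base_dir, user_path):
    """Return the canonical path for user_path, or None if it leaves base_dir."""
    base = Path(base_dir).resolve()
    # An absolute user_path replaces base in the join, so check the resolved result.
    candidate = (base / user_path).resolve()
    # resolve() collapses '..' and follows symlinks; relative_to() compares whole
    # components, so a sibling such as 'files-old' is not treated as inside 'files'.
    try:
        candidate.relative_to(base)
    except ValueError:
        return None
    return candidate


def demo():
    """Classify requests against a constructed directory tree (sample data)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp).resolve()
        files = root / "files"
        (files / "reports").mkdir(parents=True)
        (files / "reports" / "q1.csv").write_text("constructed sample")
        secret = root / "config.env"
        secret.write_text("APP_SECRET=constructed-placeholder")
        (files / "link").symlink_to(secret)  # symlink that points out of base
        requests = {
            "normal": "reports/q1.csv",
            "dotdot": "../config.env",
            "nested": "reports/../../config.env",
            "absolute": str(secret),
            "sibling": "../files-old/x",
            "symlink": "link",
        }
        verdicts = {k: resolve_inside(files, v) is not None for k, v in requests.items()}
        verdicts["naive_escapes"] = naive_join(files, "../config.env") == secret
    return verdicts


if __name__ == "__main__":
    print(demo())
```

Only the "normal" request is allowed; the other five are rejected, while the unchecked join resolves '../config.env' to the file outside the base directory.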

Added: Mar 23, 2026, 10:51 PM
Updated: Mar 23, 2026, 10:51 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 6.6
remediation: 0.0
relevance: 4.6
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.