nixseparatedebuginfod Directory Traversal Vulnerability

Vulnerability

A directory traversal vulnerability has been identified in nixseparatedebuginfod versions prior to 0.4.1. This vulnerability allows a client to request source files from paths outside the Nix store, potentially disclosing the contents of any readable file on the system. The issue arises because nixseparatedebuginfod does not properly validate file paths before serving them. While the impact is generally limited to world-readable files when using the NixOS module, more severe consequences can occur if nixseparatedebuginfod is run manually or exposed to the internet.
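The check that is missing here is containment: a requested source path must be resolved and then confirmed to lie under the Nix store before anything is read. The following is an added illustration, not nixseparatedebuginfod's own code; it assumes the store root is /nix/store and uses hypothetical function names.

```rust
use std::path::{Component, Path, PathBuf};

/// Root that every served source file must live under.
/// Assumption for this example: the default Nix store location.
const STORE_ROOT: &str = "/nix/store";

/// Lexically resolve a client-supplied path and accept it only if it
/// ends up strictly inside STORE_ROOT. Returns None for relative paths,
/// for anything that climbs above "/" and for anything that resolves
/// outside the store. Hypothetical helper, not the project's API.
pub fn resolve_under_store(requested: &str) -> Option<PathBuf> {
    let path = Path::new(requested);
    if !path.is_absolute() {
        return None;
    }
    let mut out = PathBuf::from("/");
    for c in path.components() {
        match c {
            // Already represented by the leading "/" in `out`.
            Component::RootDir | Component::CurDir => {}
            // ".." is resolved, never left in the result; climbing above
            // the filesystem root is treated as an error.
            Component::ParentDir => {
                if !out.pop() {
                    return None;
                }
            }
            Component::Normal(seg) => out.push(seg),
            // Drive prefixes only exist on Windows; never valid here.
            Component::Prefix(_) => return None,
        }
    }
    // `starts_with` compares whole components, so "/nix/storeX" does not
    // match; the store root itself is also not a servable file.
    if out.starts_with(STORE_ROOT) && out != Path::new(STORE_ROOT) {
        Some(out)
    } else {
        None
    }
}

fn main() {
    for req in [
        "/nix/store/abc-hello-1.0/src/main.c",
        "/nix/store/abc/../../../etc/resolv.conf",
        "/etc/resolv.conf",
    ] {
        println!("{req} -> {:?}", resolve_under_store(req));
    }
}
```

A real server should additionally canonicalize the accepted path with std::fs::canonicalize and repeat the containment check, because a symlink inside the store can still point outside it; that step is omitted so the example runs without a Nix store present.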

Impact

Exploitation of this vulnerability could lead to unauthorized disclosure of personal or system files, depending on how nixseparatedebuginfod is deployed.

Reproduction

The vulnerability can be reproduced by sending the nixseparatedebuginfod server a source-file request whose path points outside the Nix store. For example, requesting a file such as '/etc/resolv.conf' through a crafted path traversal request triggers the vulnerability.

Remediation

Users can update to nixseparatedebuginfod version 0.4.1 or later, where this vulnerability has been fixed.

Added: Dec 30, 2025, 6:19 PM
Updated: Dec 30, 2025, 6:19 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.8
exploitability: 7.7
remediation: 7.7
relevance: 1.7
threat: 1.6
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.