Security for everyone

CVE-2021-21234 Scanner

Detects the 'Directory Traversal' vulnerability in Spring Boot Actuator Logview, affecting versions before 0.2.13.


Short Info

Level: High
Type: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 sec
Scan only one: Url
Parent Category:

CVE-2021-21234 Scanner Detail

Spring Boot Actuator Logview is a library that provides a simple log file viewer through Spring Boot's actuator endpoint. The package, eu.hinsch:spring-boot-actuator-logview, is typically used by developers to expose log file directories as admin HTTP endpoints. Users specify the filename and the base folder (relative to the logging folder root) through request parameters to access their logs. The library is widely used because it is easy to adopt and quick to set up.

Unfortunately, before version 0.2.13 the library contained a significant vulnerability, tracked as CVE-2021-21234. The flaw is a directory traversal: an attacker could read resources outside the intended log directory, compromising the system's security. The filename parameter was validated to block traversal, but the base folder parameter was not sufficiently validated, so traversal through that parameter remained possible.

Exploitation of this vulnerability can have severe consequences for the victim. An attacker could read files outside the intended directory, which may include sensitive information such as user credentials. That information can then be used for phishing scams or even identity theft, causing severe financial and reputational damage.
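The weakness described above is a validation gap: one request parameter is checked for traversal while the other is joined onto the log root unchecked. The Python below is an added example, not code from the Spring Boot Actuator Logview project and not the scanner's own logic. It places the weak pattern (filename checked, base folder trusted) beside the hardened pattern (both parameters joined, the result fully resolved, and the resolved path required to lie under the log root). The parameter names base_folder and filename, the root directory, and the sample requests are assumptions constructed for the example.

```python
from pathlib import Path

# Constructed root directory for the example; the viewer is assumed to serve
# only files under this directory. It does not need to exist for the checks.
LOG_ROOT = Path("/var/log/app")


def is_safe_filename(filename: str) -> bool:
    """Filename-only check: reject empty names, separators and '..' segments."""
    if filename in ("", ".", ".."):
        return False
    return "/" not in filename and "\\" not in filename and ".." not in filename


def weak_allows(base_folder: str, filename: str, root: Path = LOG_ROOT) -> bool:
    """Weak pattern: only the filename is validated; base_folder is joined
    onto the root as-is, so traversal through base_folder is never noticed."""
    if not is_safe_filename(filename):
        return False
    _target = root / base_folder / filename  # never checked against root
    return True


def hardened_allows(base_folder: str, filename: str, root: Path = LOG_ROOT) -> bool:
    """Hardened pattern: keep the filename check, then resolve the full path
    (collapsing '..' and following symlinks) and require it to sit strictly
    below the resolved log root. This also catches an absolute base_folder,
    which pathlib would otherwise let replace the root entirely."""
    if not is_safe_filename(filename):
        return False
    resolved_root = root.resolve()
    candidate = (root / base_folder / filename).resolve()
    return resolved_root in candidate.parents


def evaluate(base_folder: str, filename: str) -> dict:
    """Compare both patterns on one request; useful when reviewing log-viewer
    style endpoints for the same gap."""
    return {
        "base_folder": base_folder,
        "filename": filename,
        "weak": weak_allows(base_folder, filename),
        "hardened": hardened_allows(base_folder, filename),
    }


if __name__ == "__main__":
    # Constructed sample requests: a legitimate one, a traversal through the
    # base folder, an absolute base folder, and a traversal through the filename.
    for req in [("service", "app.log"), ("../../etc", "passwd"),
                ("/etc", "passwd"), ("service", "../app.log")]:
        print(evaluate(*req))
```

The check against `candidate.parents` (rather than a string prefix comparison) avoids accepting a sibling directory whose name merely starts with the root's name, and resolving both sides keeps symlinked roots consistent.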

SecurityForeveryone.com is a platform that provides pro features to enable businesses to identify vulnerabilities in their digital assets. Thanks to these features, teams can easily and quickly learn about vulnerabilities that could compromise the security of their systems. It is crucial for developers to stay informed and take advantage of these types of tools to stay ahead of potential threats that could impact their business operations.

