LFI in Ray’s log API endpoint allows attackers to read any file on the server without authentication.
Path Traversal: ‘..\filename’
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize ‘..\filename’ (leading backslash dot dot) sequences that can resolve to a location that is outside of that directory.
A vulnerability has been found in ray (affected version unknown) and classified as critical. Affected by this vulnerability is an unknown functionality of the component Log API Endpoint. The manipulation with an unknown input leads to a path traversal vulnerability. The CWE definition for the vulnerability is CWE-29. The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize ‘\..\filename’ (leading backslash dot dot) sequences that can resolve to a location that is outside of that directory. As an impact it is known to affect confidentiality, integrity, and availability.
What do you think?
It is nice to know your opinion. Leave a comment.