CVE-2024-55415 Scanner

CVE-2024-55415 Scanner - Arbitrary File Read vulnerability in DevDojo Voyager

Short Info

Level: Medium
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 13 days 15 hours
Scan only one: Domain, Subdomain, IPv4
Toolbox: -

DevDojo Voyager is a Laravel-based content management system (CMS) designed to simplify backend management for developers. It is widely used in web applications to provide an administrative interface for managing content, media, and users. Voyager integrates with Laravel applications and offers role-based access control, making it a popular choice for web-based projects. The software includes a file management system, database tools, and an intuitive UI for users. It enables developers to create and manage web applications efficiently without extensive backend development. Security vulnerabilities in Voyager can expose sensitive system files and configurations.

The Arbitrary File Read vulnerability in DevDojo Voyager through version 1.8.0 allows authenticated users to access system files. The vulnerability exists in the `/admin/compass` endpoint, where input validation is insufficient, allowing path traversal attacks. Attackers can exploit this flaw to read sensitive files such as `/etc/passwd` or application configuration files. This issue poses a significant risk as it enables unauthorized users to access potentially critical system data. The flaw affects the way Voyager handles file download requests, failing to properly restrict access to non-public files. Users running affected versions should update their installations immediately.

The vulnerability arises due to improper sanitization of user-supplied input in the download functionality of the `/admin/compass` endpoint. Attackers can send a specially crafted request with a manipulated file path to retrieve arbitrary files. This is done by encoding file paths and supplying them as parameters in the request. The application processes the request without validating the file path, allowing attackers to access files stored outside of the intended directories. Sensitive system files, database credentials, and other confidential data can be exposed through this attack. The vulnerability is exploitable only by authenticated users.
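The missing check described above, sketched as an added example (not Voyager's code and not part of the original page): decode first, then canonicalize the path and confirm it stays under the permitted directory. The function name, parameter, directory layout and file names are constructed for illustration, and Python stands in for Voyager's PHP.

```python
import os
import tempfile
from pathlib import Path
from typing import Optional


def resolve_download(base_dir: str, requested: str) -> Optional[Path]:
    """Return the canonical file path if it stays inside base_dir, else None.

    `requested` (hypothetical parameter) must be the value AFTER any decoding
    the endpoint applies; validating the still-encoded form checks nothing.
    """
    if not requested or "\x00" in requested:
        return None
    base = Path(base_dir).resolve(strict=True)
    # resolve() collapses ".." and follows symlinks, so the containment test
    # below sees the file that would really be opened.
    candidate = (base / requested).resolve()
    # Compare path components, not string prefixes: "/srv/logs_old" must not
    # pass as being inside "/srv/logs".
    if base not in candidate.parents:
        return None
    return candidate if candidate.is_file() else None


def demo() -> dict:
    """Run the check against a constructed directory tree."""
    with tempfile.TemporaryDirectory() as root:
        logs = Path(root, "logs")
        logs.mkdir()
        (logs / "app.log").write_text("ok\n")
        sibling = Path(root, "logs_old")
        sibling.mkdir()
        (sibling / "old.log").write_text("old\n")
        secret = Path(root, "secret.env")
        secret.write_text("KEY=constructed\n")
        os.symlink(secret, logs / "link.log")  # symlink pointing outside base
        cases = {
            "plain": "app.log",
            "dotdot": "../secret.env",
            "absolute": str(secret),
            "sibling": "../logs_old/old.log",
            "symlink": "link.log",
        }
        return {k: resolve_download(str(logs), v) is not None for k, v in cases.items()}


if __name__ == "__main__":
    print(demo())
```

Only the plain file name inside the base directory is served; the relative escape, the absolute path, the look-alike sibling directory and the symlink are all refused.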

Exploiting this vulnerability can lead to severe security risks, including data leakage and unauthorized access to system files. Attackers can retrieve database credentials, configuration settings, and authentication tokens. If critical files are exposed, attackers may use them to escalate privileges or execute further attacks. Unauthorized access to environment variables can allow attackers to modify application behavior maliciously. The risk is especially high in multi-user environments where attackers could exploit the vulnerability to gain additional access. Immediate patching and access restrictions are necessary to mitigate the threat.
