S4E

CVE-2024-22207 Scanner

CVE-2024-22207 Scanner - Information Disclosure vulnerability in Fastify Swagger-UI

Short Info

Level: Medium
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 24 days 20 hours
Scan only one: URL
Toolbox: -

Fastify Swagger-UI (`@fastify/swagger-ui`) is a plugin that serves Swagger UI, a popular tool for visualizing and interacting with API specifications. Developers use it to simplify API documentation and provide a user-friendly interface, integrating it into applications to produce interactive API documentation with little effort. Many organizations run it as part of their development and testing environments. Fastify, known for its speed and low overhead, is an attractive choice for API development, and this plugin gives its users streamlined access to Swagger UI. The plugin supports customization to fit specific documentation needs while remaining simple to use.

The vulnerability is an information disclosure issue in the `@fastify/swagger-ui` plugin for Fastify. When the plugin is registered with its default configuration, without setting the `baseDir` option, every file in the module's directory is exposed through HTTP routes. This allows unauthorized access to module files and can lead to information leakage. The issue was addressed in version 2.1.0, which guards against such accidental exposure. It highlights the importance of correct configuration in preventing unintentional data disclosure; the risk mainly concerns development environments where the `baseDir` setting is overlooked.

Technically, the weakness lies in the plugin's default configuration. Without a configured `baseDir`, all files in the module's directory are served via HTTP routes, so an environment that uses the plugin can unintentionally expose sensitive information. The affected endpoints are the HTTP routes that serve these unintended files; the module's directory remains openly accessible until a user-defined `baseDir` overrides the default. Setting the option correctly prevents the exposure.
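As an added example (not S4E's scanner and not code from the @fastify/swagger-ui project), the following JavaScript audit helper applies the two facts above to a plugin registration: the installed version (the fix shipped in 2.1.0) and whether `baseDir` was set. The option objects and the directory path are constructed sample values; `routePrefix` is a real plugin option used only as filler.

```javascript
// Added example: audits a @fastify/swagger-ui registration against
// CVE-2024-22207. Not S4E's scanner and not part of the plugin itself.
// Advisory facts used: the fix shipped in 2.1.0, and a registration that
// leaves `baseDir` unset serves the module's whole directory over HTTP.

const FIXED_VERSION = '2.1.0'; // version in which the issue was addressed

// Parse "v2.0.1" or "2.1.0-rc.1" into numeric parts plus an optional prerelease tag.
function parseVersion(v) {
  const [core, pre] = v.trim().replace(/^v/, '').split('-', 2);
  return { nums: core.split('.').map(Number), pre: pre || null };
}

// Numeric comparison of dotted versions; a prerelease sorts below its release.
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  const len = Math.max(pa.nums.length, pb.nums.length);
  for (let i = 0; i < len; i++) {
    const x = pa.nums[i] || 0, y = pb.nums[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  if (pa.pre && !pb.pre) return -1;
  if (!pa.pre && pb.pre) return 1;
  return 0;
}

// Exposed only when the version predates the fix AND baseDir was left at its default.
function auditSwaggerUi(installedVersion, options = {}) {
  const patched = compareVersions(installedVersion, FIXED_VERSION) >= 0;
  const baseDirSet = typeof options.baseDir === 'string' && options.baseDir.length > 0;
  if (patched) {
    return { vulnerable: false, reason: `version ${installedVersion} includes the ${FIXED_VERSION} fix` };
  }
  if (baseDirSet) {
    return { vulnerable: false, reason: `baseDir explicitly set to ${options.baseDir}` };
  }
  return { vulnerable: true, reason: `version ${installedVersion} < ${FIXED_VERSION} with default baseDir` };
}

// Constructed sample registrations: the weak default beside the corrected form.
const weakOptions = { routePrefix: '/documentation' };                                   // baseDir left unset
const hardenedOptions = { routePrefix: '/documentation', baseDir: '/srv/app/swagger-static' }; // constructed path

for (const [version, opts] of [['2.0.1', weakOptions], ['2.0.1', hardenedOptions], ['2.1.0', weakOptions]]) {
  console.log(version, JSON.stringify(opts), '=>', auditSwaggerUi(version, opts).reason);
}
```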

Exploitation can make sensitive files accessible to unauthorized users, leading to information leakage that compromises the confidentiality and integrity of the affected application. If configuration files, credentials, or proprietary source code reside within the exposed directory, the risk is significant: attackers can glean insight into the application's structure and use it to mount further attacks. Proper mitigation is crucial to prevent such unauthorized disclosures in both development and production environments.
