
Exploit for Spring Boot Actuator Logview Directory Traversal (CVE-2021-21234)

Description:

spring-boot-actuator-logview, a library that adds a simple logfile viewer as a Spring Boot Actuator endpoint (Maven package "eu.hinsch:spring-boot-actuator-logview"), contains a directory traversal vulnerability in versions before 0.2.13.

Nuclei Template

View the template here: CVE-2021-21234.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2021/CVE-2021-21234.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2021-21234
https://blogg.pwc.no/styringogkontroll/unauthenticated-directory-traversal-vulnerability-in-a-java-spring-boot-actuator-library-cve-2021-21234
https://github.com/cristianeph/vulnerability-actuator-log-viewer
https://github.com/lukashinsch/spring-boot-actuator-logview/commit/1c76e1ec3588c9f39e1a94bf27b5ff56eb8b17d6
https://github.com/lukashinsch/spring-boot-actuator-logview/commit/760acbb939a8d1f7d1a7dfcd51ca848eea04e772
https://blog.csdn.net/qq_39583774/article/details/123023770#t5