Hello Team,
In the deploy files there is a bad configuration in the nginx alias where it is possible to perform a traversal path to access files on the server running the QA-Board. An attacker can use this to scour files on the server that could compromise QA-Board users/customers.
For the technique to be applicable, the following conditions must be met:
- The location directive should not have a trailing slash in its path;
- An aliasdirective must be present within the location context, and it must end with a slash.
From the procedures of the deploy steps I was able to carry out the proof of concept:
git clone https://github.com/Samsung/qaboard.git
cd qaboard
docker-compose pull
docker-compose up -d
Steps to Reproduce
- curl "http://localhost:5151/docs../etc/passwd" | head -n 50
I apologize if this is of no use to you.
Best Regards,
dk4trin.
Hello Team,
In the deploy files there is a bad configuration in the nginx alias where it is possible to perform a traversal path to access files on the server running the QA-Board. An attacker can use this to scour files on the server that could compromise QA-Board users/customers.
For the technique to be applicable, the following conditions must be met:
From the procedures of the deploy steps I was able to carry out the proof of concept:
Steps to Reproduce
I apologize if this is of no use to you.
Best Regards,
dk4trin.