WSO2-2021-1260: Deletion of Arbitrary files via Path Traversal in Artifact Name in WSO2 ESB

mbadanoiu/WSO2-2021-1260

Because user input in the Artifact Upload feature is not sanitized, an arbitrary file deletion attack could be carried out through path traversal in the "artifactName" parameter.
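An added example, not code from this repository or from WSO2: one way a server-side handler could confine a user-supplied artifact name to its upload directory before deleting the file. The class name, the `resolveArtifact` helper, the directory layout and the file names are assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;

public class ArtifactPathCheck {
    // Hypothetical helper: map a user-supplied artifact name to a path that
    // stays inside uploadDir, or throw.
    static Path resolveArtifact(Path uploadDir, String artifactName) throws IOException {
        if (artifactName == null || artifactName.isEmpty()) {
            throw new IllegalArgumentException("empty artifact name");
        }
        Path base = uploadDir.toRealPath();            // canonical form, symlinks resolved
        Path candidate;
        try {
            // resolve() keeps an absolute argument as-is; normalize() collapses "." and "..".
            candidate = base.resolve(artifactName).normalize();
        } catch (InvalidPathException e) {             // e.g. an embedded NUL character
            throw new IllegalArgumentException("malformed artifact name", e);
        }
        // startsWith compares whole name elements, so "uploads-old" is not inside "uploads".
        if (candidate.equals(base) || !candidate.startsWith(base)) {
            throw new SecurityException("artifact name escapes upload directory");
        }
        // An existing entry may be a symlink that points outside the directory.
        if (Files.exists(candidate) && !candidate.toRealPath().startsWith(base)) {
            throw new SecurityException("artifact resolves outside upload directory");
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample layout in a temporary directory.
        Path root = Files.createTempDirectory("artifact-demo");
        Path uploads = Files.createDirectory(root.resolve("uploads"));
        Files.createFile(uploads.resolve("sample.car"));
        Path outside = Files.createFile(root.resolve("outside.txt"));
        String[] names = {"sample.car", "sub/../sample.car", "../outside.txt", outside.toString()};
        for (String name : names) {
            try {
                Files.deleteIfExists(resolveArtifact(uploads, name));
                System.out.println("accepted " + name);
            } catch (SecurityException | IllegalArgumentException e) {
                System.out.println("rejected " + name + " (" + e.getMessage() + ")");
            }
        }
        System.out.println("outside.txt still present: " + Files.exists(outside));
    }
}
```

The first two names resolve inside the upload directory and are accepted; the relative traversal and the absolute path are rejected, and the file outside the directory is left in place.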

Vendor Disclosure:

The vendor's disclosure and fix for this vulnerability can be found here.

Why no CVE?

Neither I nor the vendor requested a CVE for this vulnerability.

Requirements:

This vulnerability requires:

  • Valid user credentials

Proof Of Concept:

More details and the exploitation process can be found in this PDF.
