WSO2-2021-1260: Deletion of Arbitrary files via Path Traversal in Artifact Name in WSO2 ESB

Because user input in the Artifact Upload feature is not sanitized, an arbitrary file deletion attack could be carried out by leveraging path traversal in the "artifactName" parameter.
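One way to guard a delete operation against this class of bug, as an added example (not WSO2's fix and not code from this repository): resolve the supplied name against the upload directory and refuse anything that is not a direct child of it. The class, method, directory and file names are hypothetical, and the sample names in `main` are constructed.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

// Added illustration: all names here are hypothetical, not WSO2 code.
public class ArtifactDeleteGuard {

    // Resolve artifactName inside baseDir, or throw if it would land anywhere else.
    static Path resolveInside(Path baseDir, String artifactName) throws IOException {
        if (artifactName == null || artifactName.isEmpty() || artifactName.indexOf('\0') >= 0) {
            throw new IllegalArgumentException("empty or malformed artifact name");
        }
        Path base = baseDir.toRealPath();                        // canonical base, symlinks resolved
        Path candidate = base.resolve(artifactName).normalize(); // collapses "." and ".." segments
        // Accept only a direct child of the base directory. An absolute name replaces
        // the base in resolve(), so it fails this parent check as well.
        if (!base.equals(candidate.getParent())) {
            throw new SecurityException("artifact name escapes upload directory");
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sandbox: an upload directory plus one file outside it.
        Path root = Files.createTempDirectory("artifact-demo");
        Path uploads = Files.createDirectory(root.resolve("uploads"));
        Path outside = Files.createFile(root.resolve("outside.txt"));
        Files.createFile(uploads.resolve("demo.car"));

        String[] names = {
            "demo.car",                 // legitimate artifact
            "../outside.txt",           // relative traversal
            "sub/../../outside.txt",    // traversal hidden behind a subdirectory
            outside.toString()          // absolute path
        };
        for (String name : names) {
            try {
                Files.deleteIfExists(resolveInside(uploads, name));
                System.out.println("deleted:  " + name);
            } catch (SecurityException | IllegalArgumentException e) {
                System.out.println("rejected: " + name + " (" + e.getMessage() + ")");
            }
        }
        System.out.println("outside.txt still exists: " + Files.exists(outside));
    }
}
```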

Vendor Disclosure:

The vendor's disclosure and fix for this vulnerability can be found here.

Why no CVE?

Neither I nor the vendor requested a CVE for this vulnerability.

Requirements:

This vulnerability requires:

  • Valid user credentials

Proof Of Concept:

More details and the exploitation process can be found in this PDF.