Microservice Directory Traversal
Description
A directory traversal vulnerability exists in the microservice that allows attackers to manipulate file path parameters to access files and directories outside the intended scope. By using special character sequences such as '../' (dot-dot-slash), attackers can navigate the file system hierarchy to read, and potentially modify, sensitive files that should be restricted. This vulnerability typically occurs when user input is directly incorporated into file path operations without proper validation or sanitization.
Remediation
Implement the following security controls to remediate this directory traversal vulnerability:
1. Input Validation and Sanitization:
Validate all user-supplied input used in file operations. Reject any input containing path traversal sequences such as '../', '..\', or encoded variations (%2e%2e%2f).
// Example: Input validation (Node.js)
const path = require('path');

function sanitizeFilePath(userInput, baseDir) {
  const base = path.resolve(baseDir);
  // Resolve the full path relative to the base directory
  const fullPath = path.resolve(base, userInput);
  // Ensure the resolved path is the base directory itself or lies beneath it.
  // Requiring the separator after the prefix stops a sibling such as
  // "/app/data-evil" from passing a bare prefix comparison against "/app/data".
  if (fullPath !== base && !fullPath.startsWith(base + path.sep)) {
    throw new Error('Invalid file path detected');
  }
  return fullPath;
}

2. Use Allowlist Approach:
Maintain an allowlist of permitted files or directories. Map user input to predefined safe values rather than using it directly in file paths.
// Example: Allowlist mapping (Python)
ALLOWED_FILES = {
    'report1': '/app/data/reports/monthly.pdf',
    'report2': '/app/data/reports/quarterly.pdf',
}

def get_file(file_id):
    # Look the identifier up in the allowlist; anything else is rejected
    if file_id not in ALLOWED_FILES:
        raise ValueError('File not found')
    return ALLOWED_FILES[file_id]

3. Implement Least Privilege:
Configure the microservice to run with minimal file system permissions. Use chroot jails, containers, or sandboxing to restrict access to only necessary directories.
4. Use Secure Framework Functions:
Leverage built-in security features from your framework or language that provide path traversal protection. Avoid manual string concatenation for file paths.
5. Apply Defense in Depth:
- Implement Web Application Firewall (WAF) rules to detect and block path traversal attempts
- Enable comprehensive logging and monitoring for suspicious file access patterns
- Conduct regular security testing including static code analysis and penetration testing
- Keep all microservice dependencies and frameworks updated with the latest security patches