Path Traversal Vulnerability in Heron-UI Allows Unauthorized File Access

Path Traversal Vulnerability in Heron-UI Allows Unauthorized File Access

CVE-2018-11789 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:N/A:N

When accessing the heron-ui webpage, people can modify the file paths outside of the current container to access any file on the host. Example woule be modifying the parameter path= to go to the directory you would like to view. i.e. ..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd.

Learn more about our Web App Pen Testing.