Security Advisory WSO2-2021-1258¶
Published: October 14, 2021
Version: 1.0.0
Severity: Medium
CVSS Score: 6.8 (CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
AFFECTED PRODUCTS¶
- WSO2 Enterprise Integrator : 6.2.0 , 6.3.0 , 6.4.0 , 6.5.0 , 6.6.0
OVERVIEW¶
ZIP file based directory traversal (Zip Slip) vulnerability in the Management Console.
DESCRIPTION¶
The Zip Slip vulnerability is a form of directory traversal that can be exploited by extracting files from a maliciously crafted archive. The premise of the directory traversal vulnerability is that a malicious actor can gain access to parts of the file system outside of the target folder.
IMPACT¶
In order to exploit this vulnerability, the malicious actor should have a valid user account with required administrative privileges to authenticate to the Management Console and should be able to reach it (WSO2 Security Guidelines for Production Deployment1 recommends not to publicly expose the Management Console). If such access could be obtained, a malicious actor could upload a maliciously crafted archive file and write/overwrite files in the host, if the system user account running the WSO2 server has privileges to write to the destination. It is further possible to craft a malicious payload to perform remote code execution on the server.
SOLUTION¶
If the latest version of the affected WSO2 product is not mentioned under the affected product list, you may migrate to the latest version to receive security fixes.
Otherwise, you may apply the relevant fixes to the product based on the public fix(s):
Moreover, It is strongly advised to run WSO2 processes with a specific OS-level user with limited privileges, as recommended in WSO2 Security Guidelines for Production Deployment1.
Info
If you are a WSO2 customer with a support subscription, use WSO2 Updates in order to apply the fix.
CREDITS¶
WSO2 thanks, Matei Mal Badanoiu for responsibly reporting the identified issue and working with us as we addressed it.