Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
| Property | |
|---|---|
| Language | generic |
| Severity | |
| CWE | CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) |
| OWASP | A05:2017 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
In nginx configuration, using the ‘alias’ directive in a ‘location’ block whose location path has no trailing slash can allow attackers to access files outside the intended directory. This misconfiguration makes the server vulnerable to path traversal attacks.
Impact
If exploited, an attacker could read arbitrary files on the server, including sensitive configuration files, credentials, or application data. This could lead to information disclosure, compromise of user data, or further attacks on your infrastructure.