Unknown · Keepalived · CVE-2023-29004
**Name of the Vulnerable Software and Affected Versions**
Roxy-WI version 6.3.9.0
**Description**
A Path Traversal issue was found in Roxy-WI, a web interface for managing HAProxy, Nginx, Apache, and Keepalived servers. It is exploitable via an HTTP request to "/app/options.py" using the `config_file_name` parameter. Successful exploitation allows an attacker with user-level privileges to read arbitrary files on the server, limited to what the server process itself can access. The root cause is in the `get_config` function of the "/app/modules/config/config.py" file, which checks only for relative path traversal (`..` sequences) but still accepts absolute paths passed in `config_file_name`, so any file reachable by absolute path can be read.
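The flaw class described above, a filter that rejects `..` but not absolute paths, is easy to reproduce and just as easy to fix once the check is done on the resolved path rather than on the raw string. The following is an added example and is not Roxy-WI's code: `weak_check` mirrors the flawed pattern, `safe_config_path` is a hardened replacement, and `CONFIG_ROOT` is an assumed directory for the managed configuration files, not a path taken from the project.

```python
import os
from pathlib import Path

# Constructed example, not Roxy-WI's code. CONFIG_ROOT is an assumed location of the
# managed configuration files; the real application's layout may differ.
CONFIG_ROOT = "/etc/haproxy"


def weak_check(config_file_name: str) -> bool:
    """Flaw class described in the advisory: only relative traversal is rejected,
    so an absolute path such as '/etc/passwd' is accepted unchanged."""
    return ".." not in config_file_name


def safe_config_path(config_file_name: str, root: str = CONFIG_ROOT) -> str:
    """Return the resolved path of `config_file_name` inside `root`, or raise
    ValueError. Absolute names are rejected up front; everything else is joined
    to root, fully resolved (which collapses '..' and follows symlinks), and then
    tested for containment, so the check holds for all three escape routes."""
    if not config_file_name or os.path.isabs(config_file_name):
        raise ValueError(f"absolute or empty name rejected: {config_file_name!r}")
    root_path = Path(root).resolve()
    candidate = (root_path / config_file_name).resolve()
    # A candidate is inside root only if root is one of its ancestors.
    if root_path not in candidate.parents:
        raise ValueError(f"name escapes config root: {config_file_name!r}")
    return str(candidate)


def is_allowed(config_file_name: str, root: str = CONFIG_ROOT) -> bool:
    """Boolean wrapper around safe_config_path for quick checks."""
    try:
        safe_config_path(config_file_name, root)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample inputs: one legitimate name and the two escape routes.
    for name in ["haproxy.cfg", "../../etc/passwd", "/etc/passwd"]:
        print(f"{name!r:24} weak={weak_check(name)!s:5} safe={is_allowed(name)}")
```

The important design choice is that containment is tested after `Path.resolve()`, so the same comparison covers absolute paths, `..` sequences and symlinks pointing outside the root; a string-based check on the raw parameter has to enumerate each of those separately and, as this advisory shows, tends to miss one.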
**Recommendations**
For Roxy-WI version 6.3.9.0, consider disabling the `get_config` function in the "/app/modules/config/config.py" file as a temporary workaround until a patch is available. Restrict access to the "/app/options.py" endpoint to reduce the exposure, and avoid using the `config_file_name` parameter on the affected endpoint until the issue is resolved. At the time of writing, no newer version containing a fix for this vulnerability is known.