St0Rmi

Name of the Vulnerable Software and Affected Versions: spring-boot-actuator-logview versions prior to 0.2.13 Description: The issue concerns a directory traversal vulnerability in the spring-boot-actuator-logview library, which exposes a log file directory via admin HTTP endpoints. Both the `filename` to view and a `base` folder (relative to the logging folder root) can be specified via request parameters. While the `filename` parameter was checked to prevent directory traversal exploits, the `base` folder parameter was not sufficiently checked, allowing access to files outside the logging base directory. For example, specifying `filename=somefile&base=../` could access a file outside the intended directory. Recommendations: For versions prior to 0.2.13, update to version 0.2.13 or later to resolve the issue. As a temporary mitigation measure, consider removing read access of the user the application is run with to any directory not required for running the application to limit the impact. Additionally, access to the logview endpoint can be limited by deploying the application behind a reverse proxy.