CVE-2023-29004

Name of the Vulnerable Software and Affected Versions Roxy-WI version 6.3.9.0

Description A Path Traversal issue was found in Roxy-WI, a web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. This issue can be exploited via an HTTP request to "/app/options.py" and the config file name parameter. Successful exploitation could allow an attacker with user-level privileges to obtain the content of arbitrary files on the file server within the scope of what the server process has access to. The root cause lies in the get config function of the "/app/modules/config/config.py" file, which only checks for relative path traversal but still allows reading files from absolute locations passed via the config file name parameter.

Recommendations For Roxy-WI version 6.3.9.0, consider disabling the get config function in the "/app/modules/config/config.py" file as a temporary workaround until a patch is available. Restrict access to the "/app/options.py" endpoint to minimize the risk of exploitation. Avoid using the config file name parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.