huntr | rep00c | E95D18AC-F065-41CF-98E7-60CCCE4C9976
Nov 15, 2021 - 5:47 a.m.

in jitsi/jicofo

2021-11-15 05:47:20
rep00c
www.huntr.dev
7

Description

A misconfiguration of nginx leads to a path traversal vulnerability.

Proof of Concept

The affected configuration is documented at https://github.com/jitsi/jicofo/blob/master/doc/shibboleth.md?plain=1#L251

With that configuration, a request to /shibboleth-sp../ can retrieve any file under /usr/share.

Impact

An attacker can access files on the web server to which they should not have access.