VulnCheck KEV: CVE-2021-21234

spring-boot-actuator-logview in a library that adds a simple logfile viewer as spring boot actuator endpoint. It is maven package "eu.hinsch:spring-boot-actuator-logview". In spring-boot-actuator-logview before version 0.2.13 there is a directory traversal vulnerability. The nature of this...

Path Traversal

spring-boot-actuator-logview is vulnerable to Path Traversal. The vulnerability exists in the securityCheck function of LogViewEndpoint.java because it does not properly validate relative paths, allowing an attacker to access files outside the expected directory through the path such as /usr/outn...

CVE-2023-29986

spring-boot-actuator-logview 0.2.13 allows Directory Traversal to sibling directories via LogViewEndpoint.view...

Directory traversal

spring-boot-actuator-logview 0.2.13 allows Directory Traversal to sibling directories via LogViewEndpoint.view...

CVE-2023-29986

spring-boot-actuator-logview 0.2.13 allows Directory Traversal to sibling directories via LogViewEndpoint.view...

CVE-2023-29986

CVE-2023-29986 affects spring-boot-actuator-logview 0.2.13. The vulnerability is a Directory Traversal through LogViewEndpoint.view, enabling access to files outside the intended directory due to insufficient input validation. Documents indicate risk is a filesystem path traversal to sibling dire...

PT-2023-22505 · Unknown · Spring-Boot-Actuator-Logview

Name of the Vulnerable Software and Affected Versions: spring-boot-actuator-logview version 0.2.13 Description: The issue allows Directory Traversal to sibling directories via the LogViewEndpoint.view endpoint. This enables access to files outside the intended directory, potentially leading to...