Severity: Important
Vendor: The Apache Software Foundation
Versions Affected: Apache Ignite from 2.0.0 through 2.17.0.
Impact:
The attacker may be able to create or overwrite critical files that are
used to execute code, such as programs or libraries.
Description:
Apache Ignite previously validated paths with a simple check like:
src.path().startsWith(ctx.config().getIgniteHome())
This was unsafe because attackers could bypass it using path traversal
patterns such as:
../, ../../ and so on
As a result, a rest request could potentially access files outside the
Ignite home directory.
Mitigation:
• All Ignite versions: make sure there are no vulnerable classes among
your custom code used in Apache Ignite.
• Ignite 2.0.0 through 2.17 : upgrade to Ignite 2.18
Credit:
* The vulnerability was discovered by m1sn0w, Pavel Tupitsyn
