CVE-2020-13450

Severity: 9.8 CRITICAL

📋 TL;DR

CVE-2020-13450 is a critical directory traversal vulnerability in Gotenberg's file upload function that allows attackers to upload and overwrite files outside intended directories. This affects Gotenberg versions through 6.2.1 and can lead to denial of service, program behavior changes, or remote code execution. Organizations using vulnerable Gotenberg instances for document conversion services are at risk.

💻 Affected Systems

Products:
  • Gotenberg
Versions: through 6.2.1
Operating Systems: All platforms running Gotenberg
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments using the vulnerable file upload function are affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data theft, or ransomware deployment.

🟠 Likely Case: File system corruption, denial of service, or unauthorized file modifications affecting application functionality.

🟢 If Mitigated: Limited impact with proper file permission restrictions and network segmentation.

🌐 Internet-Facing: HIGH - Exploitable remotely without authentication, allowing external attackers to compromise systems.
🏢 Internal Only: HIGH - Even internal attackers could exploit this to escalate privileges or disrupt services.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Proof-of-concept exploit code is publicly available, making exploitation straightforward for attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.2.2 and later

Vendor Advisory: https://github.com/thecodingmachine/gotenberg/issues/199

Restart Required: Yes

Instructions:

1. Stop the Gotenberg service.
2. Update to version 6.2.2 or later.
3. Restart the Gotenberg service.
4. Verify the fix by testing the file upload functionality.

🔧 Temporary Workarounds

File Permission Restrictions (Linux)

Set strict file permissions on directories outside Gotenberg's intended upload folder:

chmod 755 /path/to/restricted/directories
chown root:root /path/to/restricted/directories

Network Segmentation (Linux)

Isolate Gotenberg instances from critical systems using firewall rules (trusted_network is a placeholder for your allowed source range):

iptables -A INPUT -p tcp --dport 3000 -s trusted_network -j ACCEPT
iptables -A INPUT -p tcp --dport 3000 -j DROP

🧯 If You Can't Patch

  • Disable file upload functionality entirely if not required
  • Implement web application firewall (WAF) rules to block directory traversal patterns
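
The second workaround above, blocking directory traversal patterns, comes down to one check on the client-supplied filename. The following Python is an added example written for this advisory, not Gotenberg's own code and not its 6.2.2 patch: it shows the unsafe join that lets '../../etc/passwd' escape the upload directory beside a hardened version that percent-decodes the name, refuses any path separator, and then proves the resolved path still lies inside the directory. The upload directory path is an assumption for the example.

```python
# Added example for this advisory, not Gotenberg's own code or its 6.2.2 patch.
# Shows the check an upload handler (or a WAF rule) needs: refuse any
# client-supplied filename that could leave the upload directory.
import os
from typing import Optional
from urllib.parse import unquote

UPLOAD_DIR = "/srv/uploads"  # assumed location for the example, not Gotenberg's real path


def fully_decode(name: str) -> str:
    """Percent-decode until stable so %2e%2e%2f and double-encoded forms
    are judged on their decoded value, not on the raw bytes the client sent."""
    prev = None
    while prev != name:
        prev, name = name, unquote(name)
    return name


def naive_target_path(upload_dir: str, filename: str) -> str:
    """The vulnerable pattern: join the client's name and trust the result.
    '../../etc/passwd' normalises to a path well outside upload_dir."""
    return os.path.normpath(os.path.join(upload_dir, filename))


def is_safe_filename(filename: str) -> bool:
    """Reject traversal, absolute paths and any directory component at all:
    an upload is a flat file, so a separator in the name is never legitimate."""
    decoded = fully_decode(filename).replace("\\", "/")
    if decoded in ("", ".", "..") or "\x00" in decoded:
        return False
    return "/" not in decoded


def safe_target_path(upload_dir: str, filename: str) -> Optional[str]:
    """Hardened join: validate the name, then prove the resolved path is still
    inside upload_dir (this also catches a symlink that points out of it).
    Returns None when the upload must be refused."""
    if not is_safe_filename(filename):
        return None
    root = os.path.realpath(upload_dir)
    candidate = os.path.realpath(os.path.join(root, fully_decode(filename)))
    # commonpath rather than startswith: '/srv/uploads-evil' would pass a prefix test
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


if __name__ == "__main__":
    for name in ("report.html", "../../etc/passwd", "%2e%2e%2fetc%2fpasswd"):
        print(f"{name!r}: naive -> {naive_target_path(UPLOAD_DIR, name)}, "
              f"safe -> {safe_target_path(UPLOAD_DIR, name)}")
```

The hardened path uses the decoded name on disk so that the string that was validated is the string that gets written; the realpath/commonpath step is kept even though is_safe_filename already rejects separators, because it is the check that survives if someone later relaxes the name rule.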

🔍 How to Verify

Check if Vulnerable:

Check if Gotenberg version is 6.2.1 or earlier by examining the service version or container image tag

Check Version:

docker inspect gotenberg:tag | grep -i version

or query the Gotenberg API endpoint /health

Verify Fix Applied:

Test file upload with directory traversal payloads (e.g., '../../etc/passwd') - should be rejected in patched versions

📡 Detection & Monitoring

Log Indicators:

  • File upload requests containing '../' sequences
  • Unauthorized file write attempts outside upload directory
  • Unexpected file modifications in system directories

Network Indicators:

  • HTTP POST requests to upload endpoints with path traversal payloads
  • Unusual outbound connections from Gotenberg instance

SIEM Query:

source="gotenberg" AND (http_method="POST" AND (url="*upload*" AND request_body="*../*"))
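
The SIEM query above matches only a literal '../' in the request body. The following Python is an added example for this advisory, not Gotenberg's own logging or tooling: it applies the same rule to access-log lines after percent-decoding, so encoded and backslash variants are caught while a filename that merely contains consecutive dots is not. The JSON-lines log format and every sample entry are constructed for the illustration.

```python
# Added example for this advisory, not Gotenberg's own logging or tooling.
# The JSON-lines access-log format and the sample entries are constructed.
import json
import re
from urllib.parse import unquote

# A '..' path segment bounded by the string start/end or a separator.
# 'report..final.docx' does not match; '../x', 'a/../x' and '..' do.
TRAVERSAL = re.compile(r"(^|/)\.\.(/|$)")


def fully_decode(value: str) -> str:
    """Percent-decode until stable so %2e%2e%2f and double encoding read as '../'."""
    prev = None
    while prev != value:
        prev, value = value, unquote(value)
    return value


def has_traversal(value: str) -> bool:
    """True when the decoded value contains a '..' segment (backslashes count as separators)."""
    return bool(TRAVERSAL.search(fully_decode(value).replace("\\", "/")))


def classify(entry: dict):
    """Reason string for a suspicious upload request, or None. Mirrors the SIEM
    logic: POST requests whose URL, multipart filename or body carry traversal."""
    if str(entry.get("method", "")).upper() != "POST":
        return None
    fields = [f for f in ("url", "filename", "body") if has_traversal(str(entry.get(f, "")))]
    return "traversal in " + ",".join(fields) if fields else None


def scan_log(lines):
    """Return (line_no, src_ip, reason) for every flagged entry; malformed lines are skipped."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        line = line.strip()
        if not line:
            continue
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # a real pipeline should count these rather than drop them silently
        reason = classify(entry)
        if reason:
            hits.append((line_no, entry.get("src_ip", "?"), reason))
    return hits


# Constructed sample log: a benign upload, a health check, three traversal
# attempts (plain, percent-encoded, backslash form), a benign dotted name
# and one malformed line. Addresses and timestamps are made up.
SAMPLE_LOG = r"""
{"ts":"2020-06-01T10:00:01Z","src_ip":"10.0.0.5","method":"POST","url":"/convert/html","filename":"index.html","status":200}
{"ts":"2020-06-01T10:00:02Z","src_ip":"10.0.0.5","method":"GET","url":"/health","status":200}
{"ts":"2020-06-01T10:00:03Z","src_ip":"203.0.113.9","method":"POST","url":"/convert/html","filename":"../../etc/passwd","status":200}
{"ts":"2020-06-01T10:00:04Z","src_ip":"203.0.113.9","method":"POST","url":"/convert/html","filename":"%2e%2e%2f%2e%2e%2fetc%2fpasswd","status":200}
{"ts":"2020-06-01T10:00:05Z","src_ip":"10.0.0.7","method":"POST","url":"/convert/office","filename":"report..final.docx","status":200}
{"ts":"2020-06-01T10:00:06Z","src_ip":"203.0.113.9","method":"POST","url":"/convert/office","filename":"..\\..\\win.ini","status":200}
not json at all
"""


def scan_sample():
    """Run the scanner over the constructed sample; returns the flagged entries."""
    return scan_log(SAMPLE_LOG.strip().splitlines())


if __name__ == "__main__":
    for line_no, src_ip, reason in scan_sample():
        print(f"line {line_no}: {src_ip}: {reason}")
```

Running it flags lines 3, 4 and 6 (all from 203.0.113.9) and leaves the dotted-but-harmless 'report..final.docx' alone; a rule that simply searched for '..' would have produced a false positive there, and one that searched only for the literal '../' would have missed the encoded line.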
