CVE-2020-19279

9.8 CRITICAL

📋 TL;DR

CVE-2020-19279 is a directory traversal vulnerability in B3log Wide that allows attackers to access arbitrary files on the server via symbolic link manipulation. This can lead to privilege escalation by reading sensitive configuration files or system data. All users running vulnerable versions of B3log Wide are affected.

💻 Affected Systems

Products:
  • B3log Wide
Versions: All versions prior to the fix
Operating Systems: All platforms running B3log Wide
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the file serving functionality that doesn't properly validate symbolic links.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full system compromise through reading sensitive files like /etc/passwd, SSH keys, or database credentials, leading to complete server takeover.

🟠 Likely Case: Unauthorized access to sensitive application files, configuration data, or user information stored on the server.

🟢 If Mitigated: Limited impact with proper file permissions and network segmentation preventing access to critical system files.

🌐 Internet-Facing: HIGH - Web applications are typically internet-facing and this vulnerability requires no authentication.
🏢 Internal Only: MEDIUM - Internal attackers could still exploit this to escalate privileges within the network.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation is straightforward using directory traversal sequences with symbolic links. Public GitHub issues demonstrate the vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Latest version after the fix was implemented

Vendor Advisory: https://github.com/b3log/wide/issues/355

Restart Required: Yes

Instructions:

1. Update B3log Wide to the latest version.
2. Restart the Wide service.
3. Verify the fix by testing directory traversal attempts.

🔧 Temporary Workarounds

Restrict File Access (linux)

Configure file system permissions to limit Wide's access to only necessary directories:

chmod -R 750 /path/to/wide/data
chown -R wide:wide /path/to/wide/data

Web Server Filtering (all)

Configure the reverse proxy or web server to block requests containing directory traversal sequences.

🧯 If You Can't Patch

  • Implement strict file system permissions and run Wide with minimal privileges
  • Deploy network segmentation and restrict Wide's network access to only required services

🔍 How to Verify

Check if Vulnerable:

Test if you can access files outside the intended directory by requesting paths like ../../etc/passwd via the Wide interface

Check Version:

Check Wide version in application interface or configuration files

Verify Fix Applied:

Attempt the same directory traversal tests after patching - they should return 403 or 404 errors

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests containing ../ sequences
  • Access to unexpected file paths in application logs
  • 403/404 errors for traversal attempts

Network Indicators:

  • HTTP requests with encoded directory traversal payloads (%2e%2e%2f)
  • Unusual file access patterns from single IPs

SIEM Query:

source="wide.logs" AND ("..\/" OR "%2e%2e%2f" OR "../../")
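To turn the log indicators above into something runnable, here is an added Python detector (not part of this advisory and not code from the Wide project) that parses access log lines in combined log format, percent-decodes each request target repeatedly so double-encoded sequences are caught, folds backslashes to slashes, and flags any request whose target contains a `..` path segment. The log format and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in combined log format (assumption: Wide sits behind a
# reverse proxy that logs this way; these are not real Wide log entries).
SAMPLE_LOG = """\
10.0.0.5 - - [01/Mar/2021:10:00:01 +0000] "GET /file/list?path=/home/wide/ws HTTP/1.1" 200 512
10.0.0.9 - - [01/Mar/2021:10:00:02 +0000] "GET /file/get?path=../../etc/passwd HTTP/1.1" 200 1830
10.0.0.9 - - [01/Mar/2021:10:00:03 +0000] "GET /file/get?path=%2e%2e%2f%2e%2e%2fetc%2fshadow HTTP/1.1" 403 0
10.0.0.9 - - [01/Mar/2021:10:00:04 +0000] "GET /file/get?path=%252e%252e%252fetc%252fpasswd HTTP/1.1" 404 0
10.0.0.5 - - [01/Mar/2021:10:00:05 +0000] "GET /static/js/app.js HTTP/1.1" 200 22000
"""

# client ip, timestamp, method, request target and status from a combined-format line
REQUEST_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

# a ".." path segment bounded by a slash, a query delimiter or the string edge
TRAVERSAL_RE = re.compile(r'(?:^|[/?&=])\.\.(?:[/?&#]|$)')

def normalize_target(target: str, max_rounds: int = 3) -> str:
    """Percent-decode repeatedly (catches double encoding such as %252e) and
    fold backslashes to '/', so '..\\' and the SIEM query's '..\\/' match as '../'."""
    decoded = target
    for _ in range(max_rounds):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return decoded.replace("\\", "/")

def find_traversal(log_text: str) -> list:
    """Return one record per request whose normalized target contains a '..' segment."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a combined-format request line; skip rather than guess
        norm = normalize_target(m["target"])
        if TRAVERSAL_RE.search(norm):
            hits.append({"ip": m["ip"], "ts": m["ts"], "status": int(m["status"]),
                         "target": m["target"], "normalized": norm})
    return hits

def successful_reads(hits: list) -> list:
    """Traversal attempts the server answered with 200: the file was likely served."""
    return [h for h in hits if h["status"] == 200]
```

A 200 on a flagged request means the read went through and needs immediate triage, while 403/404 show the attempt was blocked. Because this issue involves symbolic links, a read through a symlink created inside the workspace carries no ../ at all, so pair this check with the file-permission workaround above.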
