CVE-2020-37214
📋 TL;DR
CVE-2020-37214 is a directory traversal vulnerability in Voyager 1.3.0 that allows attackers to read sensitive system files by manipulating the asset path parameter. This affects any system running the vulnerable Voyager version with the admin interface accessible. Attackers can exploit this to access files like /etc/passwd and configuration files containing secrets.
💻 Affected Systems
- Voyager (Laravel admin panel)
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise through credential theft from configuration files, privilege escalation via /etc/passwd analysis, and exposure of all application secrets.
Likely Case
Theft of sensitive configuration data (database credentials, API keys, encryption secrets) leading to data breaches and unauthorized access to backend systems.
If Mitigated
Limited exposure of non-critical files if proper input validation and access controls are implemented.
🎯 Exploit Status
Exploit code is publicly available on Exploit-DB (ID 47875). The attack requires no authentication and uses simple path traversal techniques.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version 1.3.1
Vendor Advisory: https://github.com/the-control-group/voyager/releases/tag/v1.3.1
Restart Required: Yes
Instructions:
1. Back up your current Voyager installation.
2. Update composer.json to require "tcg/voyager": "^1.3.1".
3. Run 'composer update tcg/voyager'.
4. Clear the Laravel cache with 'php artisan cache:clear'.
5. Restart your web server.
🔧 Temporary Workarounds
Block vulnerable endpoint
Temporarily block access to the /admin/voyager-assets endpoint using web server configuration or WAF rules.
# For Apache: RewriteRule ^/admin/voyager-assets - [F]
# For Nginx: location ~ ^/admin/voyager-assets { return 403; }
Input validation middleware
Implement custom middleware to validate and sanitize path parameters before processing.
# Create middleware: php artisan make:middleware ValidateAssetPath
# Add path traversal validation logic in the handle method
🧯 If You Can't Patch
- Implement strict web application firewall (WAF) rules to block directory traversal patterns in URLs
- Restrict network access to the Voyager admin interface using IP whitelisting or VPN requirements
🔍 How to Verify
Check if Vulnerable:
Test if you can access /admin/voyager-assets?path=../../../../etc/passwd (or similar traversal). If you get file contents, you're vulnerable.
Check Version:
Check composer.lock for "tcg/voyager" version or run: php artisan voyager:version
Verify Fix Applied:
After patching, attempt the same traversal attack. You should receive an error or empty response instead of file contents.
📡 Detection & Monitoring
Log Indicators:
- HTTP requests to /admin/voyager-assets with '..' sequences in parameters
- Unusual file access patterns from web application logs
- Multiple 200 responses to traversal attempts
Network Indicators:
- HTTP GET requests with path traversal sequences (%2e%2e%2f or ../)
- Traffic to sensitive file paths from web application
SIEM Query:
source="web_logs" AND uri_path="/admin/voyager-assets" AND (query="*..*" OR query="*%2e%2e*")
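The log indicators and SIEM query above, turned into a small detector, as an added example that is not part of the original advisory: it parses combined-format access-log lines (the sample lines are constructed), keeps only requests to /admin/voyager-assets, URL-decodes the query parameters (including a second decoding round for double-encoded %252e sequences), flags any parameter containing '..', and tallies per client IP how many of those attempts were answered with 200.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample access-log lines in Apache/Nginx "combined" format; not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jan/2020:10:00:01 +0000] "GET /admin/voyager-assets?path=../../../../etc/passwd HTTP/1.1" 200 1523 "-" "curl/7.64.0"
203.0.113.5 - - [10/Jan/2020:10:00:02 +0000] "GET /admin/voyager-assets?path=%2e%2e%2f%2e%2e%2f.env HTTP/1.1" 200 412 "-" "curl/7.64.0"
198.51.100.7 - - [10/Jan/2020:10:00:03 +0000] "GET /admin/voyager-assets?path=css/app.css HTTP/1.1" 200 8812 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Jan/2020:10:00:04 +0000] "GET /admin?next=../x HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Jan/2020:10:00:05 +0000] "GET /admin/voyager-assets?path=..%252f..%252fconfig/app.php HTTP/1.1" 403 0 "-" "curl/7.64.0"
"""

# ip, timestamp, method, request target and status code of a combined-format line
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')
ENDPOINT = "/admin/voyager-assets"

def is_traversal(value: str) -> bool:
    """True if the value contains '..' as given or after up to two extra URL-decoding rounds."""
    decoded = value
    for _ in range(2):
        if ".." in decoded:
            return True
        decoded = unquote(decoded)
    return ".." in decoded

def find_traversal_attempts(log_text: str):
    """Return one dict per request to ENDPOINT whose query carries a traversal sequence."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        parts = urlsplit(m["target"])
        if parts.path != ENDPOINT:
            continue
        params = parse_qsl(parts.query, keep_blank_values=True)  # first decoding round
        bad = [(k, v) for k, v in params if is_traversal(v)]
        if bad:
            hits.append({"ip": m["ip"], "status": int(m["status"]),
                         "params": bad, "served": m["status"] == "200"})
    return hits

def served_per_ip(hits) -> Counter:
    """Count traversal attempts that were answered with 200 per client IP (the 'multiple 200s' indicator)."""
    return Counter(h["ip"] for h in hits if h["served"])
```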