CVE-2020-8214
📋 TL;DR
A path traversal vulnerability in Servey versions below 3 allows attackers to read arbitrary files on the server by manipulating file paths. This affects all systems running vulnerable Servey versions, potentially exposing sensitive configuration files, credentials, or other data.
💻 Affected Systems
- Servey
📦 What is this software?
Servey by Servey Project
⚠️ Risk & Real-World Impact
Worst Case
Complete server compromise through reading sensitive files like /etc/passwd, SSH keys, database credentials, or application configuration files containing secrets.
Likely Case
Exfiltration of sensitive configuration data, source code, or user information that could enable further attacks.
If Mitigated
Limited impact if file system permissions restrict access to sensitive files and proper input validation is implemented.
🎯 Exploit Status
Exploitation requires minimal technical skill: attackers can use simple HTTP requests with path traversal sequences like ../../../etc/passwd.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Servey 3.0 and above
Vendor Advisory: https://hackerone.com/reports/355501
Restart Required: Yes
Instructions:
1. Back up your Servey data and configuration.
2. Upgrade to Servey version 3.0 or higher.
3. Restart the Servey service.
4. Verify the fix by testing path traversal attempts.
🔧 Temporary Workarounds
Web Application Firewall (WAF) Rules
All platforms: Implement WAF rules to block path traversal patterns in requests.
# Example mod_security rule:
SecRule ARGS "\.\./" "id:1001,phase:2,deny,status:403,msg:'Path Traversal Attempt'"
File System Restrictions
Linux: Run Servey with minimal file system permissions and in a jail/chroot environment.
# Run as non-root user:
sudo -u surveyuser node survey.js
# Consider using containers with restricted mounts
🧯 If You Can't Patch
- Implement strict input validation to reject any requests containing ../ or similar traversal sequences
- Deploy a reverse proxy with request filtering to block path traversal attempts before they reach Servey
🔍 How to Verify
Check if Vulnerable:
Test by attempting to access a known file using path traversal: curl 'http://survey-server/path?file=../../../etc/passwd'
Check Version:
Check the Servey version in package.json or via the application interface.
Verify Fix Applied:
After patching, repeat the test; it should return an error or an empty response instead of file contents.
📡 Detection & Monitoring
Log Indicators:
- HTTP requests containing ../ sequences
- Unusual file access patterns from web requests
- 403 errors for traversal attempts (if blocked)
Network Indicators:
- HTTP GET/POST requests with ../ in parameters
- Multiple failed traversal attempts from single IP
SIEM Query:
source="survey.logs" AND ("../" OR "..\\" OR "%2e%2e%2f")
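Added example (not part of the original advisory or of Servey's code): the SIEM query above matches only three literal strings, so this Node.js script normalises percent-encoding and backslashes before looking for a ".." path segment, then counts attempts per source IP. The log format, sample lines and function names are constructed for illustration.

```javascript
// Constructed access-log lines: <ip> "<method> <target> <proto>" <status>
const SAMPLE_LOG = [
  '203.0.113.7 "GET /path?file=report.txt HTTP/1.1" 200',
  '203.0.113.9 "GET /path?file=../../../etc/passwd HTTP/1.1" 403',
  '203.0.113.9 "GET /path?file=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 403',
  '203.0.113.9 "GET /path?file=%252e%252e%252fconfig.json HTTP/1.1" 403',
  '198.51.100.4 "GET /path?file=..%5c..%5cwin.ini HTTP/1.1" 200',
  '198.51.100.5 "GET /docs/v1..2/notes.txt HTTP/1.1" 200', // benign ".." inside a name
];

// Percent-decode repeatedly (bounded) so nested encodings are normalised,
// then treat backslashes as path separators.
function normalise(target) {
  let cur = target;
  for (let i = 0; i < 3; i++) {
    let next;
    try { next = decodeURIComponent(cur); } catch { break; } // malformed escape: stop
    if (next === cur) break;
    cur = next;
  }
  return cur.replace(/\\/g, '/');
}

// ".." must be a whole path segment, not just a substring of a file name.
const TRAVERSAL = /(^|[\/=?&])\.\.(\/|$)/;

function isTraversal(target) {
  return TRAVERSAL.test(normalise(target));
}

// Returns every traversal hit plus the IPs with at least `threshold` attempts.
// `served` marks hits answered with 200, i.e. requests that were not blocked.
function scan(lines, threshold = 2) {
  const hits = [];
  const perIp = new Map();
  for (const line of lines) {
    const m = /^(\S+) "(?:GET|POST) (\S+) [^"]*" (\d{3})$/.exec(line);
    if (!m || !isTraversal(m[2])) continue;
    const [, ip, target, status] = m;
    hits.push({ ip, target, status: Number(status), served: status === '200' });
    perIp.set(ip, (perIp.get(ip) || 0) + 1);
  }
  const repeatOffenders = [...perIp].filter(([, n]) => n >= threshold).map(([ip]) => ip);
  return { hits, repeatOffenders };
}

console.log(JSON.stringify(scan(SAMPLE_LOG), null, 2));
```

Hits with `served: true` deserve priority in triage, since a 200 response to a traversal request suggests the file may have been returned.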