CVE-2021-29395

7.5 HIGH

📋 TL;DR

This vulnerability allows remote attackers without authentication to download arbitrary files from the server filesystem by exploiting a directory traversal flaw in NorthStar Club Management software. It affects all systems running Northstar Technologies Inc NorthStar Club Management version 6.3. Attackers can access sensitive files including JSP source code, configuration files, and system files.

💻 Affected Systems

Products:
  • Northstar Technologies Inc NorthStar Club Management
Versions: 6.3
Operating Systems: Any OS running the application
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of version 6.3 are vulnerable by default. No special configuration required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise through credential theft, source code analysis for further vulnerabilities, and potential lateral movement to other systems.

🟠 Likely Case

Theft of sensitive data including database credentials, user information, and proprietary source code leading to data breach.

🟢 If Mitigated

Limited impact if proper network segmentation and file system permissions prevent access to critical system files.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only web access to the vulnerable endpoint with directory traversal payloads.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

Contact Northstar Technologies for patch information. Consider upgrading to a newer version if available.

🔧 Temporary Workarounds

Block vulnerable endpoint

all

Configure web server or WAF to block access to /northstar/filemanager/download.jsp

# Apache (server or virtual-host context, with RewriteEngine On):
RewriteRule ^/northstar/filemanager/download\.jsp - [F]
# Nginx (inside the server block):
location ~ ^/northstar/filemanager/download\.jsp { deny all; }

Implement input validation

all

Add input validation to reject directory traversal sequences in file parameters

🧯 If You Can't Patch

  • Implement strict network access controls to limit access to the application
  • Deploy web application firewall with directory traversal protection rules

🔍 How to Verify

Check if Vulnerable:

Attempt to access /northstar/filemanager/download.jsp?file=../../../../etc/passwd (or similar traversal) and check if file contents are returned.

Check Version:

Check application version in web interface or configuration files

Verify Fix Applied:

Test the same directory traversal attempts after applying workarounds to confirm they are blocked.

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests to /northstar/filemanager/download.jsp with ../ sequences in parameters
  • Unusual file access patterns from web server process

Network Indicators:

  • HTTP requests containing directory traversal patterns (../, ..\) to the vulnerable endpoint

SIEM Query:

source="web_server" AND uri_path="/northstar/filemanager/download.jsp" AND (uri_query="*../*" OR uri_query="*..\*")
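
The log indicators and SIEM query above match literal `../` and `..\` only. The same check applied after percent-decoding is sketched below as an added example; it is not part of the original advisory or any vendor tooling. It assumes combined-format access logs and case-insensitive path matching, the sample lines are constructed, and the `file` parameter name comes from the verification step above.

```python
import re
from urllib.parse import urlsplit, unquote

ENDPOINT = "/northstar/filemanager/download.jsp"  # endpoint path from the advisory
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# ".." as a whole path segment, delimited by / \ = & or the string boundaries
TRAVERSAL_RE = re.compile(r'(?:^|[/\\=&])\.\.(?:[/\\]|$)')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so single- and double-encoded forms both surface."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal_hit(log_line):
    """True if the line is a request to ENDPOINT whose decoded query holds a '..' segment."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return False
    target = urlsplit(match.group(1))
    # Assumption: compare case-insensitively, since the server filesystem may be.
    if fully_decode(target.path).lower() != ENDPOINT:
        return False
    return bool(TRAVERSAL_RE.search(fully_decode(target.query)))

# Constructed sample lines (combined log format, documentation IP ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /northstar/filemanager/download.jsp?file=report.pdf HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /northstar/filemanager/download.jsp?file=../../../../etc/passwd HTTP/1.1" 200 1843',
    '198.51.100.7 - - [01/Jan/2024:10:00:06 +0000] "GET /northstar/filemanager/download.jsp?file=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 200 1843',
    '198.51.100.7 - - [01/Jan/2024:10:00:07 +0000] "GET /northstar/filemanager/download.jsp?file=%252e%252e%255c%252e%252e%255cetc%255cpasswd HTTP/1.1" 404 0',
    '203.0.113.4 - - [01/Jan/2024:10:00:09 +0000] "GET /index.jsp?next=../home HTTP/1.1" 200 800',
]

def flagged(lines):
    """Indexes of the lines that hit the endpoint with a traversal segment."""
    return [i for i, line in enumerate(lines) if is_traversal_hit(line)]

if __name__ == "__main__":
    for i in flagged(SAMPLE_LOG):
        print(SAMPLE_LOG[i])
```

A 200 response with a non-trivial body size on a flagged line is the one to triage first, since it suggests file contents were returned.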
