CVE-2021-43734

7.5 HIGH

📋 TL;DR

CVE-2021-43734 is a directory traversal vulnerability in kkFileView v4.0.0 that allows attackers to read arbitrary files on the server. This affects organizations using kkFileView v4.0.0 for file preview functionality. The vulnerability can lead to sensitive information disclosure including configuration files, credentials, and other system files.

💻 Affected Systems

Products:
  • kkFileView
Versions: v4.0.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only version 4.0.0 is affected. Earlier versions are not vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete server compromise through reading sensitive files like SSH keys, database credentials, or configuration files containing secrets, potentially leading to lateral movement and data exfiltration.

🟠 Likely Case

Sensitive file disclosure including application configuration, user data, and system information that could enable further attacks.

🟢 If Mitigated

Limited impact with proper file system permissions and network segmentation preventing access to critical system files.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires network access to the kkFileView instance. The vulnerability is simple to exploit with basic HTTP requests.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v4.1.0 and later

Vendor Advisory: https://github.com/kekingcn/kkFileView/issues/304

Restart Required: Yes

Instructions:

1. Upgrade kkFileView to version 4.1.0 or later.
2. Download the latest release from GitHub.
3. Replace the existing installation.
4. Restart the kkFileView service.

🔧 Temporary Workarounds

Network Access Restriction (Linux)

Restrict network access to kkFileView to trusted IP addresses only:

iptables -A INPUT -p tcp --dport [kkFileView_port] -s [trusted_network] -j ACCEPT
iptables -A INPUT -p tcp --dport [kkFileView_port] -j DROP

File System Permissions (Linux)

Run kkFileView as a dedicated low-privilege user with minimal file system permissions:

chown -R kkfileview:kkfileview /opt/kkFileView
chmod -R 750 /opt/kkFileView

🧯 If You Can't Patch

  • Implement strict network segmentation and firewall rules to limit access to kkFileView
  • Run kkFileView in a container with read-only file system mounts and minimal privileges

🔍 How to Verify

Check if Vulnerable:

Check if kkFileView version is 4.0.0 by examining the application version or deployment files

Check Version:

Check the application.properties file or web interface for version information

Verify Fix Applied:

Verify kkFileView version is 4.1.0 or later and test directory traversal attempts return proper error responses

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests containing '../' patterns in URL parameters
  • Unusual file access patterns from kkFileView process

Network Indicators:

  • HTTP GET requests with directory traversal sequences to kkFileView endpoints

SIEM Query:

source="kkFileView" AND (url="*../*" OR url="*..\\*" OR url="*%2e%2e%2f*")
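The log indicators and SIEM query above match the literal patterns; as an added example (not from this advisory or the kkFileView project), the following Python flags traversal sequences in constructed access-log lines after percent-decoding, so it also catches the double-encoded (%252e) and backslash variants that a literal "../" match misses. The /preview endpoint and its path= parameter are hypothetical stand-ins, not kkFileView's actual routes.

```python
import re
from urllib.parse import unquote

# Constructed access-log lines (combined log format). The /preview endpoint and
# its path= parameter are hypothetical stand-ins, not kkFileView's real routes.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Mar/2022:10:01:02 +0000] "GET /preview?path=reports/q1.pdf HTTP/1.1" 200 5120
10.0.0.9 - - [10/Mar/2022:10:01:07 +0000] "GET /preview?path=../../../../etc/passwd HTTP/1.1" 200 1842
10.0.0.9 - - [10/Mar/2022:10:01:09 +0000] "GET /preview?path=%2e%2e%2f%2e%2e%2fetc%2fhostname HTTP/1.1" 403 0
10.0.0.9 - - [10/Mar/2022:10:01:11 +0000] "GET /preview?path=%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 1842
10.0.0.9 - - [10/Mar/2022:10:01:13 +0000] "GET /preview?path=..\\..\\windows\\win.ini HTTP/1.1" 200 92
10.0.0.7 - - [10/Mar/2022:10:02:00 +0000] "GET /preview?path=notes..final.pdf HTTP/1.1" 200 301
"""

# Request line inside the quotes: method, target, protocol.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def normalize_target(target: str, max_rounds: int = 3) -> str:
    """Percent-decode repeatedly (so %252e -> %2e -> .) and map backslashes
    to slashes, so a single check covers both separators and encodings."""
    decoded = target
    for _ in range(max_rounds):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return decoded.replace("\\", "/")

def has_traversal(target: str) -> bool:
    """True when some path or query segment is exactly '..' after normalization.
    Filenames that merely contain '..' (notes..final.pdf) are not flagged."""
    return any(seg == ".." for seg in re.split(r"[/?&=]", normalize_target(target)))

def flag_traversal(log_text: str) -> list[tuple[str, str]]:
    """Return (client_ip, raw_target) for each request carrying a traversal
    sequence; lines without a parseable request line are skipped."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if m and has_traversal(m.group("target")):
            hits.append((line.split(" ", 1)[0], m.group("target")))
    return hits

if __name__ == "__main__":
    for ip, target in flag_traversal(SAMPLE_LOG):
        print(f"traversal attempt from {ip}: {target}")
```

Run it against your real access log instead of SAMPLE_LOG; a burst of hits from one client is the pattern worth alerting on.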

🔗 References
