Login Sign Up

CVE-2021-43800

7.5 HIGH

📋 TL;DR

This directory traversal vulnerability in Wiki.js allows attackers to read arbitrary files on Windows systems when specific storage modules are enabled. It affects Wiki.js servers running on Windows with local asset caching enabled, potentially exposing sensitive system files.

💻 Affected Systems

Products:
  • Wiki.js
Versions: All versions prior to 2.5.254
Operating Systems: Windows
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when running on Windows with storage modules implementing local asset cache (e.g., Local File System or Git) enabled.

📦 What is this software?

Wiki.js by Requarks

View all CVEs affecting Wiki.js →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete file system disclosure including sensitive configuration files, credentials, and system files leading to full system compromise.

🟠

Likely Case

Exposure of sensitive application configuration files, user data, and potentially credentials stored in accessible directories.

🟢

If Mitigated

Limited impact if proper WAF filtering blocks malicious URLs or storage modules are disabled.

🌐 Internet-Facing: HIGH - Publicly accessible Wiki.js instances with vulnerable configurations can be exploited remotely.
🏢 Internal Only: MEDIUM - Internal systems are still vulnerable but require internal network access.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires crafting special URLs with directory traversal sequences; no authentication needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.5.254

Vendor Advisory: https://github.com/Requarks/wiki/security/advisories/GHSA-r363-73gj-6j25

Restart Required: Yes

Instructions:

1. Backup your Wiki.js instance. 2. Update to version 2.5.254 or later via npm (npm update wiki.js) or download from GitHub releases. 3. Restart the Wiki.js service.

🔧 Temporary Workarounds

Disable local asset caching modules

windows

Disable any storage module with local asset caching capabilities (Local File System, Git) in Wiki.js configuration.

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block URLs containing directory traversal sequences.
  • Restrict file system permissions for the Wiki.js service account to minimal required directories.

🔍 How to Verify

Check if Vulnerable:

Check if Wiki.js version is below 2.5.254, running on Windows, with local asset caching storage modules enabled.

Check Version:

npm list wiki.js | grep wiki.js

Verify Fix Applied:

Confirm version is 2.5.254 or higher and verify path sanitization is functioning.

📡 Detection & Monitoring

Log Indicators:

  • Unusual URL patterns with ../ sequences in access logs
  • Failed file access attempts outside Wiki.js directories

Network Indicators:

  • HTTP requests containing directory traversal sequences (../, ..\) to asset endpoints

SIEM Query:

source="wiki.js" AND (url="*../*" OR url="*..\\*")

📊 Metadata

CVE ID: CVE-2021-43800
CVSS v3 Score: 7.5 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE: CWE-22
Published: December 6, 2021
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-43800, you might also want to check these:

CVE-2024-43955 10.0

CVE-2024-43955 is an unauthenticated path traversal vulnerability in the Droip WordPress plugin that...

Same vulnerability type (CWE-22)
CVE-2025-54261 10.0

This critical path traversal vulnerability in Adobe ColdFusion allows attackers to escape restricted...

Same vulnerability type (CWE-22)
CVE-2024-40628 10.0

This critical vulnerability in JumpServer allows attackers to read arbitrary files from the Celery c...

Same vulnerability type (CWE-22)