CVE-2023-26820

7.5 HIGH

📋 TL;DR

CVE-2023-26820 is a path traversal vulnerability in siteproxy v1.0 that allows attackers to read arbitrary files on the server by manipulating file paths through the index.js component. This affects all users running the vulnerable version of siteproxy, potentially exposing sensitive server files.

💻 Affected Systems

Products:
  • siteproxy
Versions: v1.0
Operating Systems: All platforms running Node.js
Default Config Vulnerable: ⚠️ Yes
Notes: Only version 1.0 is confirmed vulnerable. The vulnerability exists in the default configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete server file system disclosure including configuration files, credentials, and sensitive application data leading to full system compromise.

🟠 Likely Case

Unauthorized reading of sensitive files such as configuration files, logs, or source code, potentially enabling further attacks.

🟢 If Mitigated

Limited impact with proper file permissions and network segmentation preventing access to critical system files.

🌐 Internet-Facing: HIGH - The vulnerability can be exploited remotely without authentication.
🏢 Internal Only: MEDIUM - Internal attackers could still exploit this to access sensitive files.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The GitHub issue shows proof-of-concept exploitation details. The vulnerability is simple to exploit with basic HTTP requests.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v1.0.1 or later

Vendor Advisory: https://github.com/netptop/siteproxy/issues/67

Restart Required: Yes

Instructions:

1. Stop the siteproxy service.
2. Update to v1.0.1 or later using npm update siteproxy.
3. Restart the service.

🔧 Temporary Workarounds

Input Validation Filter

all

Add path traversal validation to filter malicious input before processing.

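// Add path traversal check in index.js (userInput is the request-supplied path)
const path = require('path');
const safePath = path.normalize(userInput).replace(/^(\/|\\)+/, '');
// normalize() keeps leading ".." segments, so reject any that remain
if (safePath.split(/[\\/]/).includes('..')) throw new Error('path traversal rejected');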

File Access Restriction

all

Implement file access restrictions to limit which directories can be accessed.

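// Restrict file access to specific directory
const path = require('path');
const allowedDir = '/var/www/safe';
const requestedPath = path.join(allowedDir, userInput);
// join() alone does not confine the result: verify it still lies under allowedDir
if (!requestedPath.startsWith(allowedDir + path.sep)) throw new Error('access denied');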

🧯 If You Can't Patch

  • Implement network segmentation to isolate siteproxy from sensitive systems
  • Deploy a web application firewall (WAF) with path traversal protection rules

🔍 How to Verify

Check if Vulnerable:

Test by attempting to access files outside the intended directory using ../ sequences in requests to the siteproxy endpoint.

Check Version:

npm list siteproxy | grep siteproxy

Verify Fix Applied:

After patching, attempt the same path traversal attacks to confirm they are blocked.

📡 Detection & Monitoring

Log Indicators:

  • Multiple requests containing ../ sequences
  • Access to unusual file paths in logs
  • Failed file access attempts outside expected directories

Network Indicators:

  • HTTP requests with ../ patterns in URL parameters
  • Unusual file extension requests to siteproxy endpoints

SIEM Query:

source="siteproxy" AND (url="*../*" OR url="*..\\*")
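
Added example (not from the advisory or the siteproxy project): the log indicators above as a small Node.js scanner. It goes beyond the SIEM query by percent-decoding the request target before matching, so encoded forms of the same ../ pattern are counted too. The log line format, sample lines and addresses are constructed for illustration.

```javascript
// Constructed access-log lines: <client> "<METHOD> <target> HTTP/x.y" <status>
const SAMPLE = [
  '192.0.2.10 "GET /index.html HTTP/1.1" 200',
  '198.51.100.7 "GET /static/../../config/app.env HTTP/1.1" 200',
  '198.51.100.7 "GET /static/%2e%2e%2f%2e%2e%2fconfig/app.env HTTP/1.1" 404',
  '198.51.100.7 "GET /static/%252e%252e%255cconfig HTTP/1.1" 404',
  '192.0.2.10 "GET /docs/v1..2/notes HTTP/1.1" 200',
  '203.0.113.5 "GET /a/../b HTTP/1.1" 200',
];

const LINE = /^(\S+) "(?:[A-Z]+) (\S+) HTTP\/[\d.]+" (\d{3})$/;
// ".." as a whole path segment, delimited by / or \ (or a query delimiter before it)
const TRAVERSAL = /(^|[\\/?&=])\.\.([\\/]|$)/;

// Decode %XX escapes byte-wise; unlike decodeURIComponent this never throws
// on malformed input, so one bad escape cannot hide the rest of the target.
function decodeOnce(s) {
  return s.replace(/%([0-9a-f]{2})/gi, (_, h) => String.fromCharCode(parseInt(h, 16)));
}

// True when the target holds a ".." segment literally or after decoding.
// Decoding is repeated (bounded) to cover double-encoded input.
function hasTraversal(target, maxRounds = 3) {
  let cur = target;
  for (let i = 0; i <= maxRounds; i++) {
    if (TRAVERSAL.test(cur)) return true;
    const next = decodeOnce(cur);
    if (next === cur) break;
    cur = next;
  }
  return false;
}

// Group traversal requests per client; report clients at or above the threshold.
// "served" counts traversal requests answered with 200, the ones to triage first.
function scan(lines, threshold = 2) {
  const hits = new Map();
  for (const line of lines) {
    const m = LINE.exec(line);
    if (!m || !hasTraversal(m[2])) continue;
    const rec = hits.get(m[1]) || { count: 0, served: 0 };
    rec.count += 1;
    if (m[3] === '200') rec.served += 1;
    hits.set(m[1], rec);
  }
  return [...hits].filter(([, r]) => r.count >= threshold).map(([ip, r]) => ({ ip, ...r }));
}

console.log(scan(SAMPLE));
```

A non-zero served count means at least one flagged request returned content, which is the case to investigate for actual file disclosure.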
