CVE-2023-29635
📋 TL;DR
This is a critical file upload vulnerability in Antabot White-Jotter v0.2.2 that allows remote attackers to upload malicious files and execute arbitrary code on the server. The vulnerability affects all deployments of White-Jotter v0.2.2 that expose the coversUpload endpoint.
💻 Affected Systems
- Antabot White-Jotter
📦 What is this software?
Antabot White Jotter by Antabot White Jotter Project
⚠️ Risk & Real-World Impact
Worst Case
Complete server compromise allowing remote code execution, data theft, and lateral movement within the network.
Likely Case
Remote code execution leading to web shell installation, data exfiltration, and potential ransomware deployment.
If Mitigated
File uploads blocked or properly validated, preventing malicious file execution.
🎯 Exploit Status
The vulnerability is well-documented in GitHub issues with code references showing the exact vulnerable line.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not available
Vendor Advisory: https://github.com/Antabot/White-Jotter/issues/157
Restart Required: Yes
Instructions:
1. Check the GitHub repository for any security patches or updates.
2. If no official patch exists, implement the workarounds below.
3. Consider migrating to different software if White-Jotter is no longer maintained.
🔧 Temporary Workarounds
Implement file upload validation
Add server-side validation that restricts uploads to an allow-list of extensions, checks the declared MIME type against the file's actual content, and scans for malicious content.
# Modify LibraryController.java to add file validation
# Example: Add file extension whitelist and MIME type checking
Disable vulnerable endpoint
Temporarily disable the coversUpload endpoint, or restrict it to authenticated, authorized users.
# In application configuration or firewall rules
# Example: Add @PreAuthorize annotation or remove endpoint
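The following is an added example of the first workaround, written for this advisory; it is not code from the White-Jotter project. It is a plain-Java validator (no Spring dependency) that a handler such as the coversUpload method in LibraryController.java could call with the client-supplied filename, declared content type, and bytes. The class and method names, the 2 MiB size cap, and the PNG/JPEG allow-list are assumptions. It enforces an extension allow-list, requires the declared MIME type to agree with the extension, checks the file's magic bytes so the content itself must be an image, ignores any path component in the client name, and stores the file under a server-generated name.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.UUID;

/**
 * Server-side checks for a cover-image upload endpoint.
 * Hypothetical helper written for this advisory; not code from the
 * White-Jotter project. Limits and allowed types are assumptions.
 */
public final class CoverUploadValidator {

    /** Outcome: a server-chosen filename when accepted, otherwise a rejection reason. */
    public static final class Result {
        public final boolean accepted;
        public final String storedName; // null when rejected
        public final String reason;     // null when accepted

        private Result(boolean accepted, String storedName, String reason) {
            this.accepted = accepted;
            this.storedName = storedName;
            this.reason = reason;
        }
        static Result ok(String storedName) { return new Result(true, storedName, null); }
        static Result reject(String reason) { return new Result(false, null, reason); }
    }

    private static final long MAX_BYTES = 2L * 1024 * 1024; // assumed 2 MiB cap

    // Allowed extension -> MIME type the client must declare for it.
    private static final Map<String, String> ALLOWED = Map.of(
            "png", "image/png",
            "jpg", "image/jpeg",
            "jpeg", "image/jpeg");

    private static final byte[] PNG_MAGIC = {(byte) 0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A};
    private static final byte[] JPEG_MAGIC = {(byte) 0xFF, (byte) 0xD8, (byte) 0xFF};

    public static Result validate(String originalFilename, String declaredContentType, byte[] content) {
        if (content == null || content.length == 0) return Result.reject("empty upload");
        if (content.length > MAX_BYTES) return Result.reject("file exceeds size limit");
        if (originalFilename == null || originalFilename.isEmpty()) return Result.reject("missing filename");
        if (originalFilename.indexOf('\0') >= 0) return Result.reject("NUL byte in filename");

        // Keep only the base name; the client may send a path such as "../../x.png".
        int sep = Math.max(originalFilename.lastIndexOf('/'), originalFilename.lastIndexOf('\\'));
        String base = originalFilename.substring(sep + 1);
        int dot = base.lastIndexOf('.');
        if (dot <= 0 || dot == base.length() - 1) return Result.reject("filename has no extension");
        String ext = base.substring(dot + 1).toLowerCase(Locale.ROOT);

        String expectedType = ALLOWED.get(ext);
        if (expectedType == null) return Result.reject("extension not allowed: ." + ext);
        if (!expectedType.equalsIgnoreCase(declaredContentType)) {
            return Result.reject("declared content type does not match extension");
        }

        // Extension and declared type are attacker-controlled; the bytes must agree with them.
        byte[] magic = "png".equals(ext) ? PNG_MAGIC : JPEG_MAGIC;
        if (!startsWith(content, magic)) return Result.reject("content is not a " + ext + " image");

        // Never store under the client-supplied name; choose an opaque server-side name.
        return Result.ok(UUID.randomUUID() + "." + ext);
    }

    private static boolean startsWith(byte[] data, byte[] prefix) {
        return data.length >= prefix.length && Arrays.equals(Arrays.copyOf(data, prefix.length), prefix);
    }

    public static void main(String[] args) {
        // Constructed samples: a minimal PNG header, plain text wearing image extensions, a path in the name.
        byte[] pngBytes = Arrays.copyOf(PNG_MAGIC, 64);
        byte[] textBytes = "this is not an image".getBytes(StandardCharsets.US_ASCII);
        String[][] cases = {
                {"cover.png", "image/png"},
                {"cover.jsp", "application/octet-stream"},
                {"cover.jsp.png", "image/png"},   // double extension, non-image bytes
                {"../../cover.png", "image/png"}, // traversal in the client-supplied name
        };
        byte[][] bodies = {pngBytes, textBytes, textBytes, pngBytes};
        for (int i = 0; i < cases.length; i++) {
            Result r = validate(cases[i][0], cases[i][1], bodies[i]);
            System.out.println(cases[i][0] + " -> "
                    + (r.accepted ? "accepted as " + r.storedName : "rejected: " + r.reason));
        }
    }
}
```

The fourth sample is accepted because its bytes and declared type are a valid PNG, but the stored name is a fresh UUID, so the path component in the client name never reaches the filesystem. Pair this with storing uploads outside any directory the servlet container serves as executable content, and with the size limit the multipart resolver already enforces.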
🧯 If You Can't Patch
- Implement a Web Application Firewall (WAF) with file upload protection rules
- Isolate the White-Jotter instance in a restricted network segment with no internet access
🔍 How to Verify
Check if Vulnerable:
Check whether the deployment runs White-Jotter v0.2.2 and inspect the coversUpload handler in LibraryController.java (line 63 in the referenced commit) for missing file validation.
Check Version:
Check the application version in the project configuration files or build artifacts.
Verify Fix Applied:
Attempt to upload non-image test files (for example, a text file renamed with a .jsp extension, and an image whose declared content type does not match its bytes) and confirm that each is rejected.
📡 Detection & Monitoring
Log Indicators:
- Unusual file uploads to /coversUpload endpoint
- Uploads of executable files (e.g., .jsp, .war, .exe)
- Multiple failed upload attempts
Network Indicators:
- HTTP POST requests to /coversUpload with unusual file types
- Traffic patterns indicating file upload exploitation
SIEM Query:
source="web_server" AND (uri="/coversUpload" OR file_upload="true") AND (file_extension="jsp" OR file_extension="war" OR file_extension="exe")
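The log and network indicators above can be turned into a small monitor. The following is an added example written for this advisory, not code from the White-Jotter project; the one-line-per-upload log format it parses is constructed for illustration (White-Jotter has no such log by default), and the executable-extension list and the failure threshold are assumptions. It flags POST requests to /coversUpload whose filename carries an executable extension anywhere in the name (so a double extension is caught) and raises one alert per client after repeated rejected uploads.

```java
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/**
 * Flags suspicious activity against the cover upload endpoint in upload logs.
 * Hypothetical monitor written for this advisory; the log format is constructed
 * and is not White-Jotter's own.
 */
public final class CoverUploadLogMonitor {

    // Constructed format: <time> <client ip> <method> <path> file="<name>" status=<code>
    private static final Pattern LINE = Pattern.compile(
            "^(\\S+) (\\S+) (\\S+) (\\S+) file=\"([^\"]*)\" status=(\\d{3})$");

    private static final String UPLOAD_PATH = "/coversUpload";
    private static final Set<String> EXECUTABLE_EXT = Set.of("jsp", "jspx", "war", "jar", "exe", "sh");
    private static final int FAILED_THRESHOLD = 3; // assumed

    public record Alert(String clientIp, String rule, String detail) {}

    public static List<Alert> analyze(List<String> lines) {
        List<Alert> alerts = new ArrayList<>();
        Map<String, Integer> failures = new HashMap<>();
        for (String line : lines) {
            Matcher m = LINE.matcher(line);
            if (!m.matches()) continue; // ignore lines in another format
            String ip = m.group(2), method = m.group(3), path = m.group(4), file = m.group(5);
            int status = Integer.parseInt(m.group(6));
            if (!"POST".equals(method) || !path.startsWith(UPLOAD_PATH)) continue;

            // Rule 1: an executable extension anywhere in the name (catches cover.jsp.png too).
            String[] parts = file.toLowerCase(Locale.ROOT).split("\\.");
            for (int i = 1; i < parts.length; i++) {
                if (EXECUTABLE_EXT.contains(parts[i])) {
                    alerts.add(new Alert(ip, "executable-upload", file));
                    break;
                }
            }
            // Rule 2: repeated rejected uploads from one client; alert once when the threshold is hit.
            if (status >= 400) {
                int n = failures.merge(ip, 1, Integer::sum);
                if (n == FAILED_THRESHOLD) {
                    alerts.add(new Alert(ip, "repeated-failed-uploads", n + " failures"));
                }
            }
        }
        return alerts;
    }

    public static void main(String[] args) {
        List<String> sample = List.of( // constructed log lines
                "2024-01-01T10:00:00Z 10.0.0.5 POST /coversUpload file=\"cover.png\" status=200",
                "2024-01-01T10:00:05Z 198.51.100.7 POST /coversUpload file=\"cover.jsp\" status=200",
                "2024-01-01T10:00:06Z 198.51.100.7 POST /coversUpload file=\"cover.jsp.png\" status=400",
                "2024-01-01T10:00:07Z 198.51.100.7 POST /coversUpload file=\"cover.war\" status=400",
                "2024-01-01T10:00:08Z 198.51.100.7 POST /coversUpload file=\"cover.exe\" status=400",
                "2024-01-01T10:00:09Z 10.0.0.5 GET /api/books file=\"\" status=200");
        for (Alert a : analyze(sample)) {
            System.out.println(a.clientIp() + " " + a.rule() + " " + a.detail());
        }
    }
}
```

On the sample input the monitor reports four executable-upload alerts for 198.51.100.7 and one repeated-failed-uploads alert once that client's third rejected upload is seen; the successful image upload and the unrelated GET produce nothing. The same two rules are what the SIEM query above approximates, with the per-client failure count being the part a single search cannot express without aggregation.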
🔗 References
- https://github.com/Antabot/White-Jotter/blob/c1c5d66fda090b986b8f46a7132d403e3b038c5d/wj/src/main/java/com/gm/wj/controller/LibraryController.java#L63
- https://github.com/Antabot/White-Jotter/issues/157