CVE-2021-43800 : What You Need to Know

Learn about CVE-2021-43800, a directory traversal vulnerability in Wiki.js versions prior to 2.5.254 on Windows hosts. Understand the impact, affected systems, and mitigation steps.

Wiki.js is a wiki app built on Node.js. Prior to version 2.5.254, a vulnerability existed that allowed directory traversal outside the Wiki.js context on Windows hosts with certain storage modules. This could lead to unauthorized access to files on the system.

Understanding CVE-2021-43800

This CVE details a directory traversal vulnerability in Wiki.js versions prior to 2.5.254 on Windows hosts.

What is CVE-2021-43800?

The vulnerability in Wiki.js allowed for directory traversal outside its context on Windows hosts, potentially enabling an attacker to access files on the server.

The Impact of CVE-2021-43800

The vulnerability had a CVSS base score of 7.5, with high confidentiality impact. Malicious users could exploit this issue to read sensitive files on the system.

Technical Details of CVE-2021-43800

This section provides technical insights into the vulnerability.

Vulnerability Description

The issue allowed unauthorized users to conduct directory traversal attacks on Wiki.js servers running on Windows hosts with specific storage modules enabled.
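The following is an added example, not Wiki.js code and not taken from the Requarks patch. It shows a containment check for a local asset cache that resolves request paths with Windows rules, where both `\` and `/` act as separators, next to a filter that only understands `/`. `CACHE_ROOT`, the sample paths and all function names are hypothetical and constructed for illustration.

```javascript
const path = require('path');

// Hypothetical cache directory, constructed for this example.
const CACHE_ROOT = 'C:\\wiki\\data\\cache';

// Sample request paths, constructed for this example.
const SAMPLES = [
  'uploads/logo.png',
  'uploads\\2021\\diagram.svg',
  '..\\..\\config.yml',
  'uploads/..\\..\\..\\secrets.txt',
  '../../config.yml',
  'D:\\backup\\db.sqlite',
];

// A separator-naive filter that only recognises "/" (shown for contrast).
function naivePosixCheck(requested) {
  return !requested.split('/').includes('..');
}

// Resolve `requested` under `root` with Windows path rules. Returns the
// absolute path, or null when the result is not strictly inside `root`.
function resolveInsideRoot(root, requested, p = path.win32) {
  if (typeof requested !== 'string' || requested.includes('\0')) return null;
  const base = p.resolve(root);
  const target = p.resolve(base, requested);
  const rel = p.relative(base, target);
  const escapes =
    rel === '' ||                   // the root itself, not a file in it
    rel === '..' ||
    rel.startsWith('..' + p.sep) || // climbs above the root
    p.isAbsolute(rel);              // different drive or UNC share
  return escapes ? null : target;
}

// Run both checks over the samples and return one row per request path.
function audit(samples = SAMPLES, root = CACHE_ROOT) {
  return samples.map((s) => ({
    requested: s,
    naiveAllows: naivePosixCheck(s),
    resolved: resolveInsideRoot(root, s),
  }));
}

console.table(audit());
```

Rows where `naiveAllows` is true but `resolved` is null are the paths a `/`-only filter would let through on a Windows host.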

Affected Systems and Versions

        Product: Wiki
        Vendor: Requarks
        Versions Affected: < 2.5.254

Exploitation Mechanism

        Attack Complexity: Low
        Attack Vector: Network
        Privileges Required: None
        User Interaction: None
        Scope: Unchanged
        Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Mitigation and Prevention

Protect your systems from CVE-2021-43800 with the following measures.

Immediate Steps to Take

        Disable storage modules with local asset caching capabilities.

Long-Term Security Practices

        Regularly update Wiki.js to the latest version.
        Implement web application firewalls to filter out malicious URLs.

Patching and Updates

Apply security patches and updates provided by Requarks to address the vulnerability.
