Path Traversal Vulnerability in Keymaker Server (Version < 0.2.0) Allows Unauthorized File Access

Path Traversal Vulnerability in Keymaker Server (Version < 0.2.0) Allows Unauthorized File Access

CVE-2021-21269 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Keymaker is a Mastodon Community Finder based Matrix Community serverlist page Server. In Keymaker before version 0.2.0, the assets endpoint did not check for the extension. The rust `join` method without checking user input might have made it abe to do a Path Traversal attack causing to read more files than allowed. This is fixed in version 0.2.0.

Learn more about our Cis Benchmark Audit For Server Software.