You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the security issue
A path traversal vulnerability exists in Mirth Connect Administrator that allows an attacker to access arbitrary files on the server. By manipulating the URL, specifically using a sequence of specially crafted semi-encoded payloads attacker can access to sensitive files outside the web root directory.
Vulnerability Location
This vulnerability is in the Mirth Connect codebase itself.
Environment (please complete the following information if it is applicable to the issue)
OS: Linux (Debian), Windows 11
Java Distribution/Version Java SE 22.0.1
Connect Version
Suggested remediation
Sanitize and validate all input URLs to prevent path traversal sequences. Ensure that the URL paths are resolved within the intended directory structure. Additionally, implementing a security mechanism to disallow URL-encoded traversal characters can mitigate this issue.
Additional context
This vulnerability was discovered during a routine security audit. Exploiting this path traversal vulnerability can lead to unauthorized access to sensitive files on the server, potentially exposing critical system and user data.
The text was updated successfully, but these errors were encountered:
If this is some other finding, I am sure the Nextgen team would like to know the specifics (I don't work for Nextgen) and would appreciate you directly reaching out to them.
Describe the security issue
A path traversal vulnerability exists in Mirth Connect Administrator that allows an attacker to access arbitrary files on the server. By manipulating the URL, specifically using a sequence of specially crafted semi-encoded payloads attacker can access to sensitive files outside the web root directory.
Vulnerability Location
This vulnerability is in the Mirth Connect codebase itself.
Environment (please complete the following information if it is applicable to the issue)
Suggested remediation
Sanitize and validate all input URLs to prevent path traversal sequences. Ensure that the URL paths are resolved within the intended directory structure. Additionally, implementing a security mechanism to disallow URL-encoded traversal characters can mitigate this issue.
Additional context
This vulnerability was discovered during a routine security audit. Exploiting this path traversal vulnerability can lead to unauthorized access to sensitive files on the server, potentially exposing critical system and user data.
The text was updated successfully, but these errors were encountered: