pacmano1
commented
4 months ago What do you mean?
There is:
- The Mirth Connect Server Process
- The Mirth Connect Administrattive Launcher
- The Mirth Connect Administrator tool (why would this have a traversal problem? It is a client UI to manage mirth)
Are you saying the Mirth Connect Server Process has this problem?
What version of Mirth?
Also, is your tool finding: https://packetstormsecurity.com/files/176920/Mirth-Connect-4.4.0-Remote-Command-Execution.html? An already known and patched CVE in mirth 4.5?
If this is some other finding, I am sure the Nextgen team would like to know the specifics (I don't work for Nextgen) and would appreciate you directly reaching out to them.
sg-prc
Describe the security issue A path traversal vulnerability exists in Mirth Connect Administrator that allows an attacker to access arbitrary files on the server. By manipulating the URL, specifically using a sequence of specially crafted semi-encoded payloads attacker can access to sensitive files outside the web root directory.
Vulnerability Location This vulnerability is in the Mirth Connect codebase itself.
Environment (please complete the following information if it is applicable to the issue)
Suggested remediation Sanitize and validate all input URLs to prevent path traversal sequences. Ensure that the URL paths are resolved within the intended directory structure. Additionally, implementing a security mechanism to disallow URL-encoded traversal characters can mitigate this issue.
Additional context This vulnerability was discovered during a routine security audit. Exploiting this path traversal vulnerability can lead to unauthorized access to sensitive files on the server, potentially exposing critical system and user data.