About Hoverfly Vulnerability: CVE-2024-45388 - A Path to File Disclosure

Hoverfly, a popular service virtualization tool, faces a critical vulnerability (CVE-2024-45388) that allows attackers to read arbitrary files from the server. This vulnerability arises from a flaw in the /api/v2/simulation POST handler, where users can create new simulations by specifying a file containing the simulation data.

Exploiting the Vulnerability

The vulnerability stems from the ability to specify a file path for the simulation data. While the code attempts to prevent absolute paths, an attacker can bypass this restriction by using directory traversal techniques. By inserting ../ segments into the file path, the attacker can escape the intended base path (hf.Cfg.ResponsesBodyFilesPath) and access files located outside of the intended directory.

For example, an attacker could specify a file path like ../../../etc/passwd to read the system's password file. This exploit allows an attacker to potentially access sensitive data stored on the server.

Impact and Mitigation

The successful exploitation of this vulnerability can lead to significant security breaches, including:

• Data Breaches: Access to sensitive files containing confidential information like user data, financial records, or proprietary code.

• System Compromise: Access to system configuration files and other critical components, allowing attackers to potentially gain control over the server.

• Denial of Service: Malicious file manipulation could potentially disrupt the functionality of the Hoverfly service.

Mitigating the Vulnerability

Hoverfly version 1.10.3 addresses this vulnerability. Users are strongly advised to update to this version or later to patch the flaw.

In addition to updating to the latest version, users can take the following steps to mitigate the risk:

• Restrict Access: Limit access to the /api/v2/simulation endpoint to authorized users only.

• File Path Validation: Implement strict validation of file paths to prevent directory traversal attacks.

• Security Best Practices: Follow general security best practices, including regular security audits, robust password policies, and proper system hardening.

Technical Details

The vulnerability is rooted in the core/handlers/v2/simulation_handler.go file, specifically line 87, where the file path is constructed. The code uses filepath.Join to combine the base path with the user-provided file path. However, this function does not perform sufficient validation to prevent directory traversal attacks.

Conclusion

CVE-2024-45388 represents a serious security vulnerability in Hoverfly that can allow attackers to read arbitrary files from the server. Users should prioritize updating to the latest version and implementing appropriate security measures to mitigate the risk. This vulnerability highlights the importance of careful input validation and robust security practices in software development.

Additional Resources:

• CVE Details: https://nvd.nist.gov/vuln/detail/CVE-2024-45388

• GitHub Security Advisory: https://github.com/SpectoLabs/hoverfly/security/advisories/GHSA-6xx4-x46f-f897

• Hoverfly Release Notes: https://github.com/SpectoLabs/hoverfly/releases/tag/v1.10.3

• CodeQL Query: https://codeql.github.com/codeql-query-help/go/go-path-injection

Note: This blog post was written based on the provided information and does not rely on external sources like internet browsing.