CVE-2021-21269 HIGH

CVE-2021-21269: Path Traversal in Keymaker

Vendor Keymaker-Mx
Product keymaker
Weakness CWE-22 · Path traversal
Published January 20, 2021
Last update August 3, 2024

CVSS base score

7.7/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

What the vulnerability does

01Description

Keymaker is a Mastodon Community Finder based Matrix Community serverlist page Server. In Keymaker before version 0.2.0, the assets endpoint did not check for the extension. The rust `join` method without checking user input might have made it abe to do a Path Traversal attack causing to read more files than allowed. This is fixed in version 0.2.0.

Key dates

02Disclosure timeline

January 20, 2021 CVE published
August 3, 2024 Record updated