Pre-auth path traversal in Nezhah Agent leaks JWT secret via /dashboard prefix confusion

Vulnerability Overview Vulnerability Name: Pre-auth path traversal via prefix confusion leaks Vulnerability Description: Vulnerability Type: Path Traversal Affected Component: Affected Versions: < 2.0.13 Fixed Version: 2.0.13 Vulnerability Details: In the 's handler, any raw string starting with is treated as a frontend asset request. The use of instead of path segment matching allows input such as to be accepted. leaves , which is normalized to via . This file is then returned by and . In a default deployment, contains the HS256 used to sign every dashboard session token. An unauthenticated attacker can read this file, forge an administrator JWT, and log in as any user, thereby taking complete control of the dashboard. Impact Scope Direct Primitive: An unauthenticated attacker can read any file within the subtree of the dashboard's working directory. Included in Default Deployment: - : Contains the (signing key, HS256), , OAuth client secrets, GitHub release tokens, GeoIP API keys, and any custom keys. - : Complete dashboard state, including users (including administrators), bcrypt password hashes, server registrations, API tokens, and notification configurations. Admin Account Takeover Chain: 1. Read Configuration: returns plain-text YAML containing the . 2. Read Database: returns the SQLite file; the attacker opens it and reads the table to obtain the administrator user ID (and other JWT references). 3. Forge JWT: The dashboard JWT middleware signs tokens using HS256 at . Possession of the key is sufficient to forge a token that passes validation. The attacker forges a token with a field matching the administrator user ID obtained in step 2, and attaches it as the cookie ( ). 4. Operate as Administrator: Every admin handler ( chain) now accepts the forged token, granting CRUD permissions for servers, users, cron jobs, notifications, and OAuth settings. This chain is fully deterministic against a default-configured dashboard: two unauthenticated HTTP GET requests and one JWT signing operation, with no race conditions, no user interaction, and no specific timing requirements. Remediation Recommended Fixes: - Make the prefix check segment-aware and reject paths that escape the cleaned template root before any file system calls. Minimal diff: - The redirect from to already exists at line 382, so requiring a trailing slash is safe and consistent with the regular expression in . - The same hardening measures should be applied to the user template path (lines 399-405), which uses the same pattern with . Although the prefix confusion vector does not directly hit it, any future code changes that pass a controlled to this branch would reintroduce the same primitive. - A deeper defensive alternative is to replace the local with the branch by using nested within the embedded subdirectory. This would preserve the embedded FS contract and completely remove working directory escape possibilities. POC Code

Goal Reached Thanks to every supporter — we hit 100%!

Pre-auth path traversal in Nezhah Agent leaks JWT secret via /dashboard prefix confusion

More from this source