CVE-2021-40978
published 2021-10-07CVE-2021-40978: The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain :sensitive information. NOTE: the…
PriorityP357high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EXPLOIT
EPSS
14.76%
96.3th percentile
The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain :sensitive information. NOTE: the vendor has disputed this as described in https://github.com/mkdocs/mkdocs/issues/2601.] and https://github.com/nisdn/CVE-2021-40978/issues/1
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | python-mkdocs | — | — |
| mkdocs | mkdocs | — | — |
| mkdocs | mkdocs | >= 1.2.2 < 1.2.3 | 1.2.3 |
Detection & IOCsextracted from sources · hover to see the quote
path/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd
- →Look for URL-encoded directory traversal sequences (%2e%2e) in HTTP GET requests targeting port 8000, specifically attempting to reach /etc/passwd via 7 traversal levels.
- →A successful exploitation response will return HTTP 200 with a body matching the regex 'root:[x*]:0:0:', indicating /etc/passwd content was served.
- →Exploitation requires the MKdocs dev-server to be publicly exposed; monitor for external connections to port 8000 running MKdocs 1.2.2.
- ·The vulnerability is disputed by the vendor; exploitation requires the dev-server to be intentionally exposed publicly, which is not its intended use case.
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
osv7.5HIGH
vendor_debian7.5LOW
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
Directory traversal in mkdocs
osv·2021-10-12
CVE-2021-40978 [HIGH] Directory traversal in mkdocs
Directory traversal in mkdocs
The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain :sensitive information.
GHSA
Directory traversal in mkdocs
ghsa·2021-10-12
CVE-2021-40978 [HIGH] CWE-12 Directory traversal in mkdocs
Directory traversal in mkdocs
The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain :sensitive information.
OSV
CVE-2021-40978: The mkdocs 1
osv·2021-10-07·CVSS 7.5
CVE-2021-40978 [HIGH] CVE-2021-40978: The mkdocs 1
The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain :sensitive information. NOTE: the vendor has disputed this as described in https://github.com/mkdocs/mkdocs/issues/2601.] and https://github.com/nisdn/CVE-2021-40978/issues/1
OSV
CVE-2021-40978: ** DISPUTED ** The mkdocs 1
osv·2021-10-07·CVSS 7.5
CVE-2021-40978 [HIGH] CVE-2021-40978: ** DISPUTED ** The mkdocs 1
** DISPUTED ** The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain :sensitive information. NOTE: the vendor has disputed this as described in https://github.com/mkdocs/mkdocs/issues/2601.] and https://github.com/nisdn/CVE-2021-40978/issues/1.
Debian
CVE-2021-40978: python-mkdocs - The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8...
vendor_debian·2021·CVSS 7.5
CVE-2021-40978 [HIGH] CVE-2021-40978: python-mkdocs - The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8...
The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain :sensitive information. NOTE: the vendor has disputed this as described in https://github.com/mkdocs/mkdocs/issues/2601.] and https://github.com/nisdn/CVE-2021-40978/issues/1
Scope: local
bookworm: open
bullseye: open
forky: open
sid: open
trixie: open
No detection rules found.
Nuclei
MKdocs 1.2.2 - Directory Traversal
nuclei·CVSS 7.5
CVE-2021-40978 [HIGH] MKdocs 1.2.2 - Directory Traversal
MKdocs 1.2.2 - Directory Traversal
The MKdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain sensitive information. Note the vendor has disputed the vulnerability (see references) because the dev server must be used in an unsafe way (namely public) to have this vulnerability exploited.
Template:
id: CVE-2021-40978
info:
name: MKdocs 1.2.2 - Directory Traversal
author: pikpikcu
severity: high
description: The MKdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain sensitive information. Note the vendor has disputed the vulnerability (see references) because the dev server must be used in an unsafe way (namely public) to have this vulnerability exploited.
impa
No writeups or analysis indexed.
https://github.com/mkdocs/mkdocshttps://github.com/mkdocs/mkdocs/issues/2601https://github.com/nisdn/CVE-2021-40978https://github.com/nisdn/CVE-2021-40978/issues/1https://github.com/mkdocs/mkdocshttps://github.com/mkdocs/mkdocs/issues/2601https://github.com/nisdn/CVE-2021-40978https://github.com/nisdn/CVE-2021-40978/issues/1
2021-10-07
Published