nginx alias source code disclosure
What this means
The nginx alias source code disclosure vulnerability allows attackers to access files outside an intended directory. It occurs when the alias directive in the nginx server configuration is implemented improperly or a file path is not properly validated.
It is caused by a missing trailing slash in the location directive combined with the alias directive, which can make it possible to read the source code of the web application.
Why this is a problem
This vulnerability allows an attacker to use a path traversal payload in the matched location to traverse the file structure and potentially cause:
- sensitive data exposure – attackers could access sensitive application files such as source code, credentials, API keys, and other configurations
- increased attack surface – exposed source code can provide attackers with detailed knowledge about the application’s inner workings, enabling the discovery of further vulnerabilities such as SQL injection or authentication bypass
- compliance violations – if sensitive information, such as user data, is exposed, the organisation may face penalties for violating data protection regulations like GDPR or PCI-DSS
- reputation damage – unauthorised access to sensitive files can lead to reputational harm and loss of user trust
How to check if the problem is there
Open your nginx configuration file, for example /etc/nginx/nginx.conf or virtual host configuration files.
Look for any instances of the alias directive.
An incorrect configuration looks like this:
location /images {
    alias /var/www/app/img/;
}
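The manual check above can be scripted. The following is an added example, not part of the original page: the function names and the sample configuration are constructed for illustration. It does not follow include directives, and a nested location's alias is attributed to its parent block as well.

```python
import re

# Constructed sample: the first block repeats the page's incorrect example.
SAMPLE_CONF = """
server {
    location /images {
        alias /var/www/app/img/;
    }
    location /static/ {
        alias /var/www/app/static/;
    }
    location ~ ^/dl/(.*)$ {
        alias /srv/files/$1;   # regex location: different rule, not flagged
    }
    # location /old { alias /var/www/old/; }
}
"""

LOCATION_RE = re.compile(r"\blocation\s+(?:(=|~\*?|\^~)\s+)?([^\s{]+)\s*\{")
ALIAS_RE = re.compile(r"\balias\s+([^;]+);")

def block_body(text, start):
    """Return text from `start` (just past an opening '{') to its matching '}'."""
    depth = 1
    for i in range(start, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[start:i]
    return text[start:]  # unbalanced braces: scan to end of file

def find_unsafe_aliases(conf):
    """List (line, location, alias) for prefix locations lacking a trailing slash."""
    # Naive comment stripping: assumes '#' never appears inside a quoted value.
    conf = "\n".join(line.split("#", 1)[0] for line in conf.splitlines())
    findings = []
    for m in LOCATION_RE.finditer(conf):
        modifier, path = m.group(1), m.group(2)
        if modifier in ("=", "~", "~*"):
            continue  # exact and regex matches are outside the page's rule
        alias = ALIAS_RE.search(block_body(conf, m.end()))
        if alias and not path.endswith("/"):
            line_no = conf.count("\n", 0, m.start()) + 1
            findings.append((line_no, path, alias.group(1).strip()))
    return findings

if __name__ == "__main__":
    for line_no, path, alias in find_unsafe_aliases(SAMPLE_CONF):
        print(f"line {line_no}: location {path} -> alias {alias}")
```

To audit a real server, pass the text of each configuration file (including every included virtual host file) to find_unsafe_aliases.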
How to fix this
Find all nginx alias directives and make sure that the parent prefixed location ends with a directory separator.
The correct configuration, with the trailing slash, looks like this:
location /images/ {
    alias /var/www/app/img/;
}