Description
NGINX is a web server which can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.
The NGINX alias directive defines a replacement for the specified location.
For example, with the following configuration:
location /i/ { alias /data/w3/images/; }
on request of /i/top.gif, the file /data/w3/images/top.gif will be sent.
But, if the location doesn't end with a directory separator (i.e. /):
location /i { alias /data/w3/images/; }
on request of /i../app/config.py, the file /data/w3/app/config.py will be sent.
An incorrect alias configuration of this kind could allow an attacker to read files stored outside the intended folder.
Remediation
Find all NGINX alias directives and make sure that the parent prefix location ends with a directory separator (/).
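The following Python script is an added example, not part of the original advisory and not NGINX's own code. It models the prefix substitution described above (request prefix replaced by the alias path, then normalized) so the two cases can be compared, and it lints a constructed nginx configuration for the remediation check: a prefix location without a trailing slash combined with an alias that has one. The regex-based scanner is an assumption about layout (one alias per block, no nested blocks) and is meant as an audit aid, not a full nginx parser.

```python
"""Added example: model nginx alias substitution and lint configs for the
off-by-slash alias pattern.  Sample configuration below is constructed."""
import posixpath
import re

# Constructed sample configuration (not from any real deployment).
SAMPLE_CONFIG = """
server {
    listen 80;
    # safe: prefix location and alias both end with '/'
    location /i/ { alias /data/w3/images/; }
    # unsafe: prefix location has no trailing slash
    location /static { alias /var/www/static/; }
    # root, not alias: not in scope for this check
    location /docs/ { root /srv; }
}
"""


def alias_target(location, alias, request_uri):
    """Return the filesystem path nginx would serve for request_uri when the
    prefix `location` is replaced by `alias` (plain prefix locations only).
    Returns None if the request does not match the prefix."""
    if not request_uri.startswith(location):
        return None
    remainder = request_uri[len(location):]
    # nginx appends the remainder to the alias; normpath collapses '..'
    # exactly as the filesystem would when the file is opened.
    return posixpath.normpath(alias + remainder)


def escapes_alias(location, alias, request_uri):
    """True if the resolved path lies outside the alias directory."""
    target = alias_target(location, alias, request_uri)
    if target is None:
        return False
    base = posixpath.normpath(alias)
    return not (target == base or target.startswith(base + "/"))


# Matches a prefix location (optionally with the ^~ modifier) whose block
# contains an alias directive.  Assumes no nested blocks inside it.
_LOCATION_ALIAS = re.compile(
    r"location\s+(?:\^~\s+)?(?P<loc>/\S*)\s*\{[^}]*?alias\s+(?P<alias>[^;\s]+)\s*;",
    re.S,
)


def find_unsafe_alias(config_text):
    """Return (location, alias) pairs where the prefix lacks a trailing slash
    but the alias has one: the remediation check from the advisory."""
    # Strip comments so commented-out directives are not reported.
    stripped = re.sub(r"#.*", "", config_text)
    findings = []
    for m in _LOCATION_ALIAS.finditer(stripped):
        loc, alias = m.group("loc"), m.group("alias")
        if not loc.endswith("/") and alias.endswith("/"):
            findings.append((loc, alias))
    return findings


if __name__ == "__main__":
    # Correct configuration: request stays inside the alias directory.
    print(alias_target("/i/", "/data/w3/images/", "/i/top.gif"))
    # Off-by-slash configuration: the remainder begins with '..'.
    print(alias_target("/i", "/data/w3/images/", "/i../app/config.py"))
    for loc, alias in find_unsafe_alias(SAMPLE_CONFIG):
        print(f"unsafe alias: location {loc} -> alias {alias} "
              f"(prefix should end with '/')")
```

Running the script prints the two resolved paths from the description (the second one outside the images directory) and flags the /static block in the sample configuration; pointing find_unsafe_alias at the text of a real nginx.conf and its included files gives a quick first pass over the remediation step.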
References
Related Vulnerabilities
WordPress Plugin CIP4 Folder Download Widget Local File Inclusion (1.10)
WordPress Plugin Zedna eBook download Directory Traversal (1.1)
WordPress Plugin Ajax Store Locator Directory Traversal (1.2.0)
WordPress Plugin WP e-Commerce Shop Styling Arbitrary File Download (2.5)
WordPress Plugin Wp-ImageZoom 'file' Parameter Information Disclosure (1.0.3)