CVE-2020-37214
Awaiting Analysis - Queue
Directory Traversal in Voyager 1.3.0 Allows Sensitive File Access

Publication date: 2026-02-11

Last updated on: 2026-02-12

Assigner: VulnCheck

Description
Voyager 1.3.0 contains a directory traversal vulnerability that allows attackers to access sensitive system files by manipulating the asset path parameter. Attackers can exploit the path parameter in /admin/voyager-assets to read arbitrary files like /etc/passwd and .env configuration files.
Meta Information
Published: 2026-02-11
Last Modified: 2026-02-12
Generated: 2026-05-07
AI Q&A: 2026-02-11
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 3 associated CPEs
Vendor               Product    Version / Range
the_control_group    voyager    to 1.3.0 (inc)
the_control_group    voyager    From 1.0.0 (inc) to 1.3.0 (inc)
the_voyager          voyager    1.3.0
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2020-37214 is a directory traversal vulnerability in Voyager version 1.3.0 and earlier. It exists in the asset path parameter of the /admin/voyager-assets endpoint. The vulnerability arises because the application attempts to sanitize the user-supplied path parameter by removing '../' and './' sequences, but this sanitization is insufficient. Attackers can craft encoded payloads that bypass these filters and traverse directories outside the intended assets folder.

By exploiting this flaw, an attacker can read arbitrary files on the server, including sensitive system files such as /etc/passwd and Laravel environment configuration files like .env. The vulnerability allows remote attackers to access these files without any privileges or user interaction. [1, 3]


How can this vulnerability impact me?

This vulnerability can have serious impacts as it allows attackers to read sensitive files on the server remotely without any authentication or user interaction.

  • Exposure of sensitive system files such as /etc/passwd, which can reveal user account information.
  • Access to configuration files like .env, which may contain database credentials, API keys, and other secrets.
  • Potentially enabling further attacks by gathering critical information about the system and application environment.

The vulnerability has a high severity score (CVSS v4 base score 8.7), indicating a high confidentiality impact with no required privileges or user interaction.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by attempting to exploit the directory traversal flaw in the /admin/voyager-assets endpoint by manipulating the path parameter to access sensitive files such as /etc/passwd or .env.

A practical detection method is to send crafted HTTP requests to the vulnerable endpoint with encoded directory traversal payloads that bypass the insufficient sanitization. For example, using curl commands to request files outside the intended directory:

  • curl -v "http://<target>/admin/voyager-assets?path=.....%2F%2F%2Fetc%2Fpasswd"
  • curl -v "http://<target>/admin/voyager-assets?path=.....%2F%2F%2F.env"

If the server responds with the contents of these sensitive files, it confirms the presence of the vulnerability. [1]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include upgrading Voyager to a version later than 1.3.0 where this vulnerability is fixed or applying patches that properly sanitize the path parameter to prevent directory traversal.

If upgrading is not immediately possible, restrict access to the /admin/voyager-assets endpoint via firewall rules or web server configuration to trusted IP addresses only.

Additionally, monitor logs for suspicious requests containing encoded traversal sequences targeting the path parameter and respond accordingly.
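
One way to do the log monitoring described above, as an added example that is not part of the original advisory or of the Voyager project: a Python scan of web-server access logs for requests to /admin/voyager-assets whose path parameter decodes to a run of dots followed by a separator. The combined log format, the sample lines and the names scan and fully_decode are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

ENDPOINT = "/admin/voyager-assets"  # endpoint named in the advisory
# Constructed access-log lines (combined log format); addresses are documentation ranges.
SAMPLE_LOG = '''\
203.0.113.7 - - [12/Feb/2026:10:01:02 +0000] "GET /admin/voyager-assets?path=css/app.css HTTP/1.1" 200 5120
203.0.113.9 - - [12/Feb/2026:10:01:05 +0000] "GET /admin/voyager-assets?path=.....%2F%2F%2F.env HTTP/1.1" 200 812
203.0.113.9 - - [12/Feb/2026:10:01:09 +0000] "GET /admin/voyager-assets?path=.....%2F%2F%2Fetc%2Fpasswd HTTP/1.1" 404 0
198.51.100.4 - - [12/Feb/2026:10:02:00 +0000] "GET /index.php?path=../x HTTP/1.1" 200 100
'''
LINE_RE = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+" (\d{3}) ')
# Two or more dots followed by a separator covers "../" and the ".....///" form.
TRAVERSAL_RE = re.compile(r'\.{2,}[/\\]')

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so nested encodings cannot hide a sequence."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan(log_text):
    """Return one finding per suspicious request to the asset endpoint."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        url = urlsplit(target)
        if url.path.rstrip("/") != ENDPOINT:
            continue  # other endpoints are out of scope for this check
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            decoded = fully_decode(value)
            if key == "path" and TRAVERSAL_RE.search(decoded):
                findings.append({"client": client, "path": decoded,
                                 "status": int(status),
                                 # 200 means a body was returned: triage first
                                 "served": status == "200"})
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Findings with served set to True are the ones to triage first, since the server returned a body for a path that left the assets folder.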


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know

