Directory Traversal Vulnerability Found on Port 10080, Sensitive Information Can Be Obtained

Note:
This topic has been translated from a Chinese forum by GPT and might contain errors.

Original topic: 发现10080端口存在目录遍历漏洞,可获取敏感信息

| username: TiDBer_gjCe1YFS

[TiDB Usage Environment] Production Environment
[TiDB Version] v6.1.2
[Encountered Problem: Phenomenon and Impact]
Security vulnerability scan found that the default status_port 10080 of TiDB has a directory traversal issue, with a high-security level.
[image: scan result]

How can this problem be resolved? I’ve been looking for a long time but couldn’t find any access permission settings.

| username: Jellybean | Original post link

Are there no firewall or other restrictions on the internal machines?

| username: TiDBer_gjCe1YFS | Original post link

No, it’s closed. The preferred solution is to handle it within TiDB.
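Since the question is whether the status port can be restricted on the TiDB side rather than only at the firewall, here is an added example (not from this thread and not PingCAP's own sample) of the TiDB `config.toml` settings that control the status HTTP server. The key names are as I recall them from the TiDB configuration file reference (`[status]` with `report-status`, `status-host`, `status-port`; `[security]` with the `cluster-ssl-*` keys); confirm them against the documentation for your version (v6.1.2 here). The address and file paths are placeholders.

```toml
# tidb-server config.toml (added example; verify key names against the TiDB docs)

[status]
# false stops TiDB from starting the status HTTP server at all.
# Caveat: /metrics (Prometheus) and /debug/pprof live on this port,
# so anything that scrapes or queries it stops working too.
report-status = true

# Bind the status server to an internal management interface instead of
# every interface (the default host is "0.0.0.0"). 10.0.0.5 is a placeholder.
status-host = "10.0.0.5"
status-port = 10080

[security]
# Serve the status port over TLS (the encryption question raised in the thread).
# File paths are placeholders.
cluster-ssl-ca = "/path/to/ca.pem"
cluster-ssl-cert = "/path/to/tidb-server.pem"
cluster-ssl-key = "/path/to/tidb-server-key.pem"
```

Neither setting adds authentication to the endpoints: binding to an internal address or enabling TLS only narrows who can reach the port and protects the traffic in transit. If the port must stay up for monitoring, the network-layer restriction discussed in the thread is still what keeps it away from untrusted hosts.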

| username: WalterWj | Original post link

Note to test this, this feature is not enabled that often.

| username: TiDBer_gjCe1YFS | Original post link

Is this the simplest solution?

| username: ShawnYan | Original post link

So it depends on how you define security vulnerabilities. Port restrictions are at the network layer, so it can be said that the network has security vulnerabilities, not an issue with TiDB.

| username: ffeenn | Original post link

Shouldn’t this be transmitted with encryption?

| username: redgame | Original post link

This is a feature, not a bug.

| username: zhanggame1 | Original post link

A vulnerability is a vulnerability; there shouldn’t be an interface that can access arbitrary files.

| username: cy6301567 | Original post link

It’s okay.

| username: h5n1 | Original post link

Where does it say that any file can be accessed?

| username: 像风一样的男子 | Original post link

I guess this port is used to read TiDB logs and slow query logs.

| username: zhanggame1 | Original post link

Directory Traversal Vulnerability Definition

Directory traversal (also known as file path traversal, directory climbing, path traversal, or path climbing) is a security vulnerability that allows attackers to read arbitrary files on the application server without authorization. This includes application code, data, credentials, and sensitive operating system files. In some cases, attackers may also be able to write arbitrary files on the server, alter application data, or even take full control of the server.

| username: h5n1 | Original post link

Does this scanning tool consider it a directory traversal vulnerability just because it found the directory structure under this port, or has it actually accessed files on the host through this port?

| username: zhanggame1 | Original post link

Vulnerability scans are generally unreliable; they often report vulnerabilities just from seeing the software version number on an HTTP site without actually attempting an exploit. However, if vulnerabilities are reported, they need to be addressed according to compliance requirements, which can be quite troublesome.