CVE-2020-37041 in OpenCTI
Summary
by MITRE • 01/31/2026
OpenCTI 3.3.1 is vulnerable to a directory traversal attack via the static/css endpoint. An unauthenticated attacker can read arbitrary files from the filesystem by sending crafted GET requests with path traversal sequences (e.g., '../') in the URL. For example, requesting /static/css//../../../../../../../../etc/passwd returns the contents of /etc/passwd. This vulnerability was discovered by Raif Berkay Dincel and confirmed on Linux Mint and Windows 10.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 01/31/2026
The vulnerability identified as CVE-2020-37041 affects OpenCTI version 3.3.1 and represents a critical directory traversal flaw that exposes the application to unauthorized file access. This weakness resides within the static/css endpoint of the web application, which fails to properly validate or sanitize user input containing path traversal sequences. The vulnerability allows unauthenticated attackers to manipulate the application's file serving mechanism by injecting malicious path traversal characters such as '../' into the URL parameters, thereby enabling arbitrary file reading from the underlying filesystem.
The technical implementation of this vulnerability stems from inadequate input validation and improper path handling within the application's static file serving component. When the application processes requests to the static/css endpoint, it does not sufficiently sanitize the incoming path parameters, allowing attackers to navigate beyond the intended directory boundaries. This flaw directly maps to CWE-22, which defines improper limitation of a pathname to a restricted directory, commonly known as path traversal or directory traversal. The vulnerability's exploitation demonstrates how insufficient input validation can lead to complete system compromise, as attackers can access sensitive system files including configuration data, credential files, and system binaries.
The operational impact of this vulnerability extends beyond simple information disclosure, as it provides attackers with potential access to critical system resources that could facilitate further exploitation. An attacker who successfully exploits this vulnerability can retrieve sensitive files such as /etc/passwd on Linux systems, which contains user account information and hashed passwords. This access could enable privilege escalation attacks, credential harvesting, or the discovery of additional system vulnerabilities. The vulnerability's presence on both Linux Mint and Windows 10 platforms indicates a widespread impact across different operating systems, suggesting that the flaw exists in the application's core file handling logic rather than being platform-specific.
The security implications of this directory traversal vulnerability align with ATT&CK technique T1083, which covers the discovery of system information through file and directory listing. Attackers can leverage this vulnerability to enumerate the target system's filesystem structure, potentially identifying other sensitive files or directories that could be exploited in subsequent attack phases. The unauthenticated nature of this vulnerability makes it particularly dangerous as it requires no prior credentials or access privileges to exploit. Organizations using OpenCTI 3.3.1 should immediately implement mitigations including input validation, proper path normalization, and restriction of file access to intended directories only. The vulnerability underscores the critical importance of implementing secure coding practices, particularly around input validation and file access controls, to prevent such fundamental security flaws from being present in web applications.
Mitigation strategies should include implementing proper input validation and sanitization mechanisms to prevent path traversal sequences from being processed by the application. Organizations should deploy web application firewalls that can detect and block suspicious path traversal attempts, while also ensuring that the application's static file serving functionality operates within restricted directory boundaries. The recommended approach involves normalizing all file paths before processing, implementing strict access controls, and regularly auditing file access patterns to detect potential exploitation attempts. Additionally, upgrading to a patched version of OpenCTI that addresses this vulnerability should be prioritized, as the flaw represents a fundamental security weakness that could enable more sophisticated attacks if left unaddressed.