Nginx config vulnerability in self-hosted BitWarden

Something to check for in your nginx configs, especially if you’re running your own BitWarden instance. You could be exposing your encrypted vault.


I run the vaultwarden container and that “seems” to be ok. Not sure how to check it though :rofl:.

Running an update just in case

while Nginx is a robust and incredibly versatile tool that fuels a significant portion of the internet, it’s easily susceptible to certain inconsistencies. These potential pitfalls are often a result of misconfigurations, which can inadvertently transform this reliable powerhouse into a possible weak link. Nginx’s approach to security leaves a significant onus on developers to avoid hazardous configurations, underscoring the importance of thorough understanding and cautious implementation.

It seems that “onus on developers to avoid hazardous configurations” is doing a lot of heavy lifting here.
While it is probably true that being able to access directories that share the same prefix (i.e. /img/ and /img_private/) can be blamed on misconfiguration, the other examples using /../ to do path traversal seem more like a security vulnerability in nginx itself, and I’m surprised that this is waved away as a user configuration issue.


Now I’m wondering what the practical way to check for that configuration is.

Something like that article’s regex might do the job, but at first attempt rgrep -E wasn’t having it.
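A grep tends to stumble on this because the problem is a property of the whole location block, not of one line. The script below is an added example (not code from this thread or from the linked article) that does the check the thread is asking about: it parses the location blocks out of an nginx config and flags plain prefix locations written without a trailing slash, the /img vs. /img_private overlap described above. It additionally flags the case where such a prefix sits next to an alias directive; that combination is a known nginx pattern I am adding here, not something the thread itself names. The parser is deliberately minimal (one directive per line, no nested location blocks, no include expansion), and the sample config is constructed for illustration.

```python
"""Static check for the nginx prefix-location pitfall discussed in this thread.

Added example, not code from the thread or from the linked article.  It assumes
a minimal nginx config grammar (one directive per line, ``location`` blocks not
nested inside each other, no ``include`` expansion); the sample config at the
bottom is constructed.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# location [modifier] path {
LOCATION_RE = re.compile(r"^\s*location\s+(?:(=|~\*?|\^~)\s+)?(\S+)\s*\{")
ALIAS_RE = re.compile(r"\balias\s+(\S+?);")


@dataclass
class Location:
    modifier: str              # "" (plain prefix), "=", "~", "~*" or "^~"
    path: str
    line: int
    alias: Optional[str] = None

    @property
    def is_prefix(self) -> bool:
        # Only plain and ^~ locations are literal prefix matches.
        return self.modifier in ("", "^~")

    def matches(self, uri: str) -> bool:
        """nginx prefix semantics: a plain string prefix, no segment boundary."""
        return self.is_prefix and uri.startswith(self.path)


def parse_locations(config: str) -> list[Location]:
    locs: list[Location] = []
    current: Optional[Location] = None
    depth = 0
    for lineno, raw in enumerate(config.splitlines(), 1):
        line = raw.split("#", 1)[0]          # strip trailing comments
        m = LOCATION_RE.match(line)
        if m and current is None:
            current = Location(m.group(1) or "", m.group(2), lineno)
            depth = 1                        # the '{' the regex just consumed
            line = line[m.end():]            # rest of the line may hold directives
        if current is None:
            continue
        a = ALIAS_RE.search(line)
        if a:
            current.alias = a.group(1)
        depth += line.count("{") - line.count("}")
        if depth <= 0:
            locs.append(current)
            current = None
    return locs


def find_issues(locs: list[Location]) -> list[str]:
    issues: list[str] = []
    for loc in locs:
        if not loc.is_prefix or loc.path.endswith("/"):
            continue
        # "/img" also matches "/img_private/..." and "/img.bak": the overlap the
        # thread describes.  The fix is to write the prefix as "/img/".
        issues.append(
            f"line {loc.line}: prefix '{loc.path}' lacks a trailing slash, so it "
            f"also matches sibling paths such as '{loc.path}_private/'"
        )
        if loc.alias is not None:
            # Known pattern (not named in the thread): a slash-less prefix next to
            # an alias lets whatever follows the prefix be appended to the alias
            # directory.  Give both sides a trailing slash.
            issues.append(
                f"line {loc.line}: '{loc.path}' uses alias '{loc.alias}' without a "
                f"trailing slash on the prefix; use 'location {loc.path}/' with "
                f"'alias {loc.alias.rstrip('/')}/'"
            )
    return issues


# Constructed sample: one risky block, one corrected block, one exact match.
SAMPLE_CONFIG = """
server {
    location /img {                 # risky: no trailing slash
        alias /srv/www/images/;
    }
    location /static/ {             # fine: trailing slash on both sides
        alias /srv/www/static/;
    }
    location = /health { return 200; }
}
"""

if __name__ == "__main__":
    for issue in find_issues(parse_locations(SAMPLE_CONFIG)):
        print(issue)
```

Run it against a real file with `parse_locations(open("/etc/nginx/nginx.conf").read())` plus whatever the `include` lines pull in; the `matches()` helper is there so you can confirm for yourself that `/img` matches `/img_private/x` while `/img/` does not, which is the whole point of the trailing slash.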