CVE-2023-39916: 
Rust vulnerability analysis and mitigation

NLnet Labs' Routinator versions 0.9.0 through 0.12.1 contains a path traversal vulnerability (CVE-2023-39916) in the optional 'keep-rrdp-responses' feature. This feature, which is disabled by default, allows users to store the content of responses received for RRDP requests. The vulnerability was discovered by researchers from Fraunhofer SIT and ATHENE (Vendor Advisory).

The vulnerability stems from insufficient URL sanitation in the keep-rrdp-responses feature. When constructing the storage location for RRDP responses from request URLs, the application fails to properly validate the path, potentially allowing attackers to craft URLs that store responses outside the intended directory. The vulnerability is classified as CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) and has a CVSS v3.1 base score of 6.5 (MEDIUM) according to NIST's assessment (NVD).

If exploited, this vulnerability could allow an attacker to store files outside of the designated directory through path traversal, potentially leading to unauthorized file system access and manipulation. The CVSS metrics indicate high confidentiality impact with no direct effects on integrity or availability (NVD).

Users can mitigate this vulnerability by either upgrading to Routinator version 0.12.2 or later, which properly validates URIs when creating paths, or by disabling the keep-rrdp-responses option if it was previously enabled (Vendor Advisory).