CVE-2024-9362

Directory Traversal in polyaxon/polyaxon

CVSS 7.5 HIGHEPSS 4.2%CWE-22

Vexday Risk Score

36Attention

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS 7.5EPSS 4.2%KEV nãoPoC —Nuclei simMetasploit —Patch —

Lifecycle

20 Mar 2025Published on NVD

Recommendation: Plan a near-term fix — a public PoC already exists.

An unauthenticated directory traversal vulnerability exists in Polyaxon, affecting the latest version. This vulnerability allows an attacker to retrieve directory information and file contents from the server without proper authorization, leading to sensitive information disclosure. The issue enables access to system directories such as `/etc`, potentially resulting in significant security risks.

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

polyaxon · polyaxon/polyaxon

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://huntr.com/bounties/d8dcb40f-ce76-4524-8d06-e0f12a07809d