CVE-2024-23822

Thruk Incorrect limitation of a pathname to a restricted directory (Path Traversal) (CWE-22)

CVSS 5.4 MEDIUMEPSS 1.4%CWE-22

Vexday Risk Score

13Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 5.4EPSS 1.4%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

29 ene 2024Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

Thruk is a multibackend monitoring webinterface. Prior to 3.12, the Thruk web monitoring application presents a vulnerability in a file upload form that allows a threat actor to arbitrarily upload files to the server to any path they desire and have permissions for. This vulnerability is known as Path Traversal or Directory Traversal. Version 3.12 fixes the issue.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Productos afectados

sni · Thruk

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/sni/Thruk/commit/1aa9597cdf2722a69651124f68cbb449be12cc39 https://github.com/sni/Thruk/security/advisories/GHSA-4mrh-mx7x-rqjx