CVE-2024-9362

Directory Traversal in polyaxon/polyaxon

CVSS 7.5 HIGHEPSS 4.2%CWE-22

Vexday Risk Score

36Atención

Decisión SSVC (CISA)

Attend

PoC disponible → seguir de cerca

CVSS 7.5EPSS 4.2%KEV nãoPoC —Nuclei simMetasploit —Patch —

Ciclo de vida

20 mar 2025Publicada en NVD

Recomendación: Planificar corrección próxima — ya existe PoC pública.

An unauthenticated directory traversal vulnerability exists in Polyaxon, affecting the latest version. This vulnerability allows an attacker to retrieve directory information and file contents from the server without proper authorization, leading to sensitive information disclosure. The issue enables access to system directories such as `/etc`, potentially resulting in significant security risks.

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Productos afectados

polyaxon · polyaxon/polyaxon

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://huntr.com/bounties/d8dcb40f-ce76-4524-8d06-e0f12a07809d