CVE-2024-25125

Absolute path traversal vulnerability in digdag server

CVSS 5.3 MEDIUMEPSS 29.6%CWE-22

Vexday Risk Score

18Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 5.3EPSS 29.6%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

14 fev 2024Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

Digdag is an open source tool that to build, run, schedule, and monitor complex pipelines of tasks across various platforms. Treasure Data's digdag workload automation system is susceptible to a path traversal vulnerability if it's configured to store log files locally. This issue may lead to information disclosure and has been addressed in release version 0.10.5.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Produtos afetados

treasure-data · digdag

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/treasure-data/digdag/commit/eae89b0daf6c62f12309d8c7194454dfb18cc5c3 https://github.com/treasure-data/digdag/security/advisories/GHSA-5mp4-32rr-v3x5