Lucene search

[email protected]CVE-2024-23822

HistoryJan 29, 2024 - 4:15 p.m.

CVE-2024-23822

2024-01-2916:15:09

CWE-22

[email protected]

web.nvd.nist.gov

thruk

web interface

monitoring

vulnerability

file upload

path traversal

directory traversal

cve-2024-23822

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.0%

JSON

Thruk is a multibackend monitoring webinterface. Prior to 3.12, the Thruk web monitoring application presents a vulnerability in a file upload form that allows a threat actor to arbitrarily upload files to the server to any path they desire and have permissions for. This vulnerability is known as Path Traversal or Directory Traversal. Version 3.12 fixes the issue.

Affected configurations

Vulners

NVD

Node

snithrukRange<3.12

CPENameOperatorVersion
thruk:thrukthruklt3.12

CPE	Name	Operator	Version
thruk:thruk	thruk	lt	3.12

CNA Affected

[
  {
    "vendor": "sni",
    "product": "Thruk",
    "versions": [
      {
        "version": "< 3.12",
        "status": "affected"
      }
    ]
  }
]

References

github.com/sni/Thruk/commit/1aa9597cdf2722a69651124f68cbb449be12cc39

github.com/sni/Thruk/security/advisories/GHSA-4mrh-mx7x-rqjx

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.0%

JSON

Related for CVE-2024-23822

nvd1 osv1 prion1 cvelist1