Lucene search

GoogleOSV:CVE-2024-23822

HistoryJan 29, 2024 - 4:15 p.m.

CVE-2024-23822

2024-01-2916:15:09

Google

osv.dev

thruk

web interface

vulnerability

file upload

path traversal

directory traversal

version 3.12 fix

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.8%

JSON

Thruk is a multibackend monitoring webinterface. Prior to 3.12, the Thruk web monitoring application presents a vulnerability in a file upload form that allows a threat actor to arbitrarily upload files to the server to any path they desire and have permissions for. This vulnerability is known as Path Traversal or Directory Traversal. Version 3.12 fixes the issue.

CPENameOperatorVersion
thrukeq2.34-2
thrukeq1.86-4
thrukeq1.48
thrukeq0.46
thrukeq2.08
thrukeq1.82-2
thrukeq2.36
thrukeq1.34
thrukeq1.56
thrukeq1.42

Name	Operator	Version
thruk	eq	2.34-2
thruk	eq	1.86-4
thruk	eq	1.48
thruk	eq	0.46
thruk	eq	2.08
thruk	eq	1.82-2
thruk	eq	2.36
thruk	eq	1.34
thruk	eq	1.56
thruk	eq	1.42

Rows per page:

1-10 of 1721

References

github.com/sni/Thruk/commit/1aa9597cdf2722a69651124f68cbb449be12cc39

github.com/sni/Thruk/security/advisories/GHSA-4mrh-mx7x-rqjx

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.8%

JSON

Related for OSV:CVE-2024-23822