2 matches found
CVE-2024-23822
CVE-2024-23822 affects Thruk, a multibackend web monitoring interface. Prior to version 3.12, the product’s file upload form allows a threat actor to perform a path traversal vulnerability, enabling arbitrary file uploads to chosen server paths and permissions. The root cause is insufficient vali...
CVE-2024-23822 Thruk Incorrect limitation of a pathname to a restricted directory (Path Traversal) (CWE-22)
Thruk is a multibackend monitoring webinterface. Prior to 3.12, the Thruk web monitoring application presents a vulnerability in a file upload form that allows a threat actor to arbitrarily upload files to the server to any path they desire and have permissions for. This vulnerability is known as...