Vulnerability Description
Thruk is a multibackend monitoring webinterface. Prior to 3.12, the Thruk web monitoring application presents a vulnerability in a file upload form that allows a threat actor to arbitrarily upload files to the server to any path they desire and have permissions for. This vulnerability is known as Path Traversal or Directory Traversal. Version 3.12 fixes the issue.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Thruk | Thruk | < 3.12 |
Related Weaknesses (CWE)
References
- https://github.com/sni/Thruk/commit/1aa9597cdf2722a69651124f68cbb449be12cc39Patch
- https://github.com/sni/Thruk/security/advisories/GHSA-4mrh-mx7x-rqjxExploitPatchVendor Advisory
- https://github.com/sni/Thruk/commit/1aa9597cdf2722a69651124f68cbb449be12cc39Patch
- https://github.com/sni/Thruk/security/advisories/GHSA-4mrh-mx7x-rqjxExploitPatchVendor Advisory
FAQ
What is CVE-2024-23822?
CVE-2024-23822 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Thruk is a multibackend monitoring webinterface. Prior to 3.12, the Thruk web monitoring application presents a vulnerability in a file upload form that allows a threat actor to arbitrarily upload fi...
How severe is CVE-2024-23822?
CVE-2024-23822 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-23822?
Check the references section above for vendor advisories and patch information. Affected products include: Thruk Thruk.