CVE-2024-55602
CVSS V2 None
CVSS V3 None
Description
PwnDoc is a penetration test report generator. Prior to commit 1d4219c596f4f518798492e48386a20c6e9a2fe6, an authenticated user who is able to update and download templates can inject path traversal (`../`) sequences into the file extension property to read arbitrary files on the system. Commit 1d4219c596f4f518798492e48386a20c6e9a2fe6 contains a patch for the issue.
Overview
- CVE ID: CVE-2024-55602
- Assigner: GitHub_M
- Vulnerability Status: PUBLISHED
- Published Version: 2024-12-10T16:58:12.982Z
- Last Modified Date: 2024-12-10T17:22:00.349Z
Weakness Enumerations
References
Reference URL | Reference Tags |
---|---|
https://github.com/pwndoc/pwndoc/security/advisories/GHSA-2mqc-gg7h-76p6 | x_refsource_CONFIRM |
https://github.com/pwndoc/pwndoc/commit/1d4219c596f4f518798492e48386a20c6e9a2fe6 | x_refsource_MISC |
https://gist.github.com/JorianWoltjer/8a42e25c6dfa7604020d2a226e193407 | x_refsource_MISC |
https://github.com/pwndoc/pwndoc/blob/2e7f5747d5688b1368e549c786ce7266fe5ab2b5/backend/src/routes/template.js#L103 | x_refsource_MISC |
https://github.com/pwndoc/pwndoc/blob/2e7f5747d5688b1368e549c786ce7266fe5ab2b5/backend/src/routes/template.js#L43-L47 | x_refsource_MISC |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-55602 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-55602 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-12-11 13:16:43 | Added to TrackCVE |