CVE-2024-23822
CVSS 3.1 Score 9.8 of 10 (high)
Details
Published Jan 29, 2024
Updated: Feb 5, 2024
CWE ID 22
Summary
CVE-2024-23822 is a path traversal vulnerability in the file upload form of the Thruk web monitoring application. Prior to version 3.12, Thruk's web interface lacked adequate input validation, enabling attackers to upload files to arbitrary server paths with desired permissions. This issue poses a significant risk, as it may lead to data leakage, unauthorized access, or even system compromise. Organizations using Thruk should update to version 3.12 to mitigate this vulnerability.
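The kind of input validation whose absence the summary describes, shown as an added example; it is not Thruk's code or the change made in version 3.12. The function names, the upload root and the sample file names are hypothetical and constructed for illustration.

```python
import os
import tempfile

class UnsafeUploadPath(ValueError):
    """Raised when a client-supplied name would land outside the upload root."""

def naive_destination(upload_root, client_name):
    # Vulnerable pattern (CWE-22): the client-controlled name is joined as-is,
    # so "../" segments or an absolute path decide where the file is written.
    return os.path.join(upload_root, client_name)

def safe_destination(upload_root, client_name):
    """Return a destination inside upload_root, or raise UnsafeUploadPath."""
    if not client_name or "\x00" in client_name:
        raise UnsafeUploadPath("empty name or NUL byte")
    root = os.path.realpath(upload_root)
    # realpath collapses ".." and follows symlinks already present on disk,
    # so a link planted inside the root cannot redirect the write elsewhere.
    candidate = os.path.realpath(os.path.join(root, client_name))
    # commonpath compares whole components, unlike startswith(), which would
    # accept a sibling such as /srv/uploads_evil for the root /srv/uploads.
    if candidate == root or os.path.commonpath([root, candidate]) != root:
        raise UnsafeUploadPath(f"{client_name!r} resolves outside the upload root")
    return candidate

def demo():
    """Run constructed sample names through the hardened check; return verdicts."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        root = os.path.join(base, "uploads")
        os.mkdir(root)
        os.mkdir(os.path.join(base, "uploads_evil"))  # prefix-confusion sibling
        os.symlink(base, os.path.join(root, "link"))  # symlink escaping the root
        samples = ["report.cfg", "sub/report.cfg", "../outside.cfg",
                   "/etc/cron.d/job", "../uploads_evil/x", "link/outside.cfg"]
        for name in samples:
            try:
                safe_destination(root, name)
                results[name] = "accepted"
            except UnsafeUploadPath:
                results[name] = "rejected"
    return results

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:9} {name}")
```

The check only constrains where the file lands; the mode and ownership of the written file still have to be set by the server rather than taken from the request.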