CVE-2024-45388
CVSS 3.1 Score 7.5 of 10 (high)
Details
Summary
CVE-2024-45388 is a path traversal vulnerability in Hoverfly, a lightweight service virtualization tool. The /api/v2/simulation POST handler lets an attacker read arbitrary files from the server: although absolute paths are rejected, ../ segments are not, so a supplied path can escape the designated base path. Various versions of Hoverfly are affected. The remediation is to ensure that the final, resolved file path still lies within the base path specified in the configuration. The weakness is classified as information exposure (CWE-200), and the CVSS 3.1 score of 7.5 reflects high confidentiality impact and low attack complexity. Organizations running Hoverfly should apply the security updates and validate their configurations to mitigate the risk.
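The containment check described above, written as an added Go example (not Hoverfly's own code): it rejects absolute input, cleans the joined path so `../` segments collapse, and then verifies the result is still under the base directory. The base path and file names are constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrOutsideBase is returned when a requested path would escape basePath.
var ErrOutsideBase = errors.New("requested path escapes the configured base path")

// SafeJoin resolves a user-supplied relative path against basePath and
// returns the absolute result only if it still lies inside basePath.
// Rejecting absolute inputs alone is not enough: "../" segments must be
// collapsed by cleaning the joined path and then checked for containment.
// Symlinks inside basePath are not resolved here (filepath.EvalSymlinks
// would be needed for that).
func SafeJoin(basePath, userPath string) (string, error) {
	absBase, err := filepath.Abs(basePath)
	if err != nil {
		return "", err
	}
	if filepath.IsAbs(userPath) {
		return "", ErrOutsideBase
	}
	// Join cleans the result, so "a/../b" becomes "b" and "../x" climbs out.
	joined := filepath.Join(absBase, userPath)
	// Rel expresses joined relative to absBase; an escape shows up as a
	// leading ".." component.
	rel, err := filepath.Rel(absBase, joined)
	if err != nil {
		return "", err
	}
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrOutsideBase
	}
	return joined, nil
}

func main() {
	base := "/var/lib/hoverfly/responses" // hypothetical configured base path
	for _, p := range []string{"ok/body.json", "../../etc/passwd", "/etc/passwd", "a/../b.json", ".."} {
		out, err := SafeJoin(base, p)
		fmt.Printf("%-20q -> %q, %v\n", p, out, err)
	}
}
```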