CVE-2024-45388

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published: Sep 2, 2024
Updated: Sep 3, 2024
CWE ID 200

Summary

CVE-2024-45388 is a vulnerability in Hoverfly, a lightweight service virtualization tool, that allows attackers to read arbitrary files from the server through the /api/v2/simulation POST handler by exploiting a path traversal flaw. Various versions of Hoverfly are affected. The issue arises because, although absolute paths are rejected, attackers can use ../ segments to escape the designated base path. To remediate this vulnerability, users should ensure that the final file path remains within the intended base path as specified in their configuration. The impact is significant: the flaw is classified as information exposure (CWE-200), and its CVSS score of 7.5 reflects high confidentiality impact and low attack complexity. Organizations using Hoverfly should apply security updates and validate their configurations to mitigate the associated risks.
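The weakness and the remediation described above can be shown side by side in Go, the language Hoverfly is written in. The following is an added illustration, not Hoverfly's own code: NaiveResolve models a check that only rejects absolute paths, which is the class of check the summary says is insufficient, and SafeResolve implements the recommended fix by resolving the joined path and verifying that it still lies inside the configured base directory. The base directory, function names and sample paths are assumptions chosen for the example.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrOutsideBase is returned when the resolved path escapes the base directory.
var ErrOutsideBase = errors.New("path escapes base directory")

// NaiveResolve models the insufficient check: absolute paths are rejected,
// but "../" segments in a relative path still escape the base directory.
// This function is an illustration of the weakness, not Hoverfly's code.
func NaiveResolve(base, userPath string) (string, error) {
	if filepath.IsAbs(userPath) {
		return "", errors.New("absolute paths are not allowed")
	}
	return filepath.Join(base, userPath), nil
}

// SafeResolve implements the remediation: join and clean the path, then
// confirm the final path is inside base by checking that the relative path
// from base to the target does not begin with "..".
func SafeResolve(base, userPath string) (string, error) {
	if filepath.IsAbs(userPath) {
		return "", errors.New("absolute paths are not allowed")
	}
	absBase, err := filepath.Abs(base)
	if err != nil {
		return "", err
	}
	// Join cleans the result, collapsing any "../" segments.
	target := filepath.Join(absBase, userPath)
	rel, err := filepath.Rel(absBase, target)
	if err != nil {
		return "", err
	}
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrOutsideBase
	}
	return target, nil
}

func main() {
	// Constructed sample inputs: an assumed base directory, one legitimate
	// relative path and one that uses "../" segments to climb out of it.
	base := "/srv/hoverfly/simulations"
	for _, p := range []string{"views/basic.json", "../../../etc/passwd"} {
		n, nErr := NaiveResolve(base, p)
		s, sErr := SafeResolve(base, p)
		fmt.Printf("input=%q naive=(%q, %v) safe=(%q, %v)\n", p, n, nErr, s, sErr)
	}
}
```

The containment check uses filepath.Rel rather than a string prefix comparison, so a base of /srv/hoverfly cannot be bypassed with a sibling directory such as /srv/hoverfly2. If the base directory or its contents may contain symlinks, resolve both sides with filepath.EvalSymlinks before comparing, since Rel works on the lexical path only.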

