CVE-2024-53844

CVSS 3.1 Score 6.3 of 10 (medium)

Details

Published Nov 26, 2024
CWE ID 22

Summary

CVE-2024-53844 is a path traversal vulnerability in the Enhanced Dialog Driven Interface (EDDI) middleware, specifically in the backup export functionality implemented in RestExportService.java. A maliciously crafted `botFilename` parameter can lead to unauthorized access to sensitive files on the server. The impact is limited, however, because EDDI usually runs inside a Docker container, which adds isolation and restricted permissions. The recommended fix is to apply the patch in version 5.4, which sanitizes and validates the `botFilename` input. As an interim mitigation, access to the vulnerable endpoint can be restricted through firewalls or authentication mechanisms.
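The check the 5.4 patch is described as adding, shown as an added illustration that is not EDDI's own code: an unchecked resolve of `botFilename` next to a hardened one that rejects separators and traversal components and confirms the normalized path stays inside the backup directory. The class name, method names and the `/var/eddi/backups` directory are assumptions made for this example.

```java
import java.nio.file.Path;
import java.nio.file.Paths;

// Hypothetical names for this illustration; EDDI's real class, methods and
// backup directory are not taken from the advisory.
public class BotExportPathCheck {
    static final Path BACKUP_DIR =
            Paths.get("/var/eddi/backups").toAbsolutePath().normalize();

    // Vulnerable pattern (CWE-22): the parameter is joined onto the base
    // directory unchecked, so a value containing ".." escapes it.
    static Path resolveUnchecked(String botFilename) {
        return Paths.get(BACKUP_DIR.toString(), botFilename);
    }

    // Hardened pattern: reject empty names, path separators and the "." / ".."
    // components up front, then verify that the normalized result is still
    // beneath BACKUP_DIR. normalize() is lexical only; if the directory may
    // contain symlinks, compare against toRealPath() of an existing file.
    static Path resolveChecked(String botFilename) {
        if (botFilename == null || botFilename.isEmpty()
                || botFilename.contains("/") || botFilename.contains("\\")
                || botFilename.equals(".") || botFilename.equals("..")) {
            throw new IllegalArgumentException("invalid botFilename");
        }
        Path resolved = BACKUP_DIR.resolve(botFilename).normalize();
        if (!resolved.startsWith(BACKUP_DIR)) {
            throw new IllegalArgumentException("botFilename escapes backup directory");
        }
        return resolved;
    }

    public static void main(String[] args) {
        // Constructed inputs: one benign export name, one traversal attempt.
        String benign = "mybot.zip";
        String traversal = "../../etc/passwd";

        System.out.println("unchecked: " + resolveUnchecked(traversal));
        System.out.println("checked:   " + resolveChecked(benign));
        try {
            resolveChecked(traversal);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected:  " + e.getMessage());
        }
    }
}
```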

