CVE-2024-53844
CVSS 3.1 Score 6.3 of 10 (medium)
Details
Summary
CVE-2024-53844 is a path traversal vulnerability in the Enhanced Dialog Driven Interface (EDDI) middleware, specifically in RestExportService.java within its backup export functionality. A manipulated `botFilename` parameter can give an attacker unauthorized access to sensitive files on the server. The impact is limited, however, because EDDI usually runs inside a Docker container, which adds a layer of isolation and restricts the permissions available to the process. The recommended fix is to apply the patch in version 5.4, which sanitizes and validates the `botFilename` input. As a temporary mitigation, access to the vulnerable endpoint can be restricted through firewalls or authentication mechanisms.
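As an added illustration of the kind of check the 5.4 fix describes (sanitizing and validating `botFilename`), here is a hypothetical Java validator that is not EDDI's own code; the export directory, the `.zip` extension and the class and method names are assumptions. It allowlists the bare file name and then confirms the resolved path still lies directly inside the export directory, so traversal sequences and absolute paths are rejected before any file is read.

```java
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.regex.Pattern;

/** Hypothetical validator for a user-supplied backup file name (not EDDI's code). */
public final class BackupFilenameValidator {
    // Assumed directory the export endpoint may read from.
    private static final Path EXPORT_DIR =
            Paths.get("/var/lib/eddi/exports").toAbsolutePath().normalize();

    // Allowlist: a bare name with no path separators and a fixed extension.
    private static final Pattern SAFE_NAME = Pattern.compile("^[A-Za-z0-9_-]{1,64}\\.zip$");

    /** Returns the file path to export, or throws if botFilename is not acceptable. */
    public static Path resolveBotFilename(String botFilename) {
        if (botFilename == null || !SAFE_NAME.matcher(botFilename).matches()) {
            throw new IllegalArgumentException("rejected botFilename: " + botFilename);
        }
        Path candidate;
        try {
            // normalize() collapses any "." or ".." segments before the containment check.
            candidate = EXPORT_DIR.resolve(botFilename).normalize();
        } catch (InvalidPathException e) {
            throw new IllegalArgumentException("rejected botFilename: " + botFilename, e);
        }
        // Defence in depth: the result must be a direct child of EXPORT_DIR, even if
        // the allowlist above is later relaxed. (If EXPORT_DIR may contain symlinks,
        // compare toRealPath() results instead of the lexical paths.)
        boolean directChild = candidate.startsWith(EXPORT_DIR)
                && candidate.getNameCount() == EXPORT_DIR.getNameCount() + 1;
        if (!directChild) {
            throw new IllegalArgumentException("rejected botFilename: " + botFilename);
        }
        return candidate;
    }

    public static void main(String[] args) {
        // Constructed sample inputs: one valid name, three that must be rejected.
        String[] samples = { "bot-backup_1.zip", "../outside.zip", "/tmp/other.zip", "a/../b.zip" };
        for (String s : samples) {
            try {
                System.out.println("accepted: " + resolveBotFilename(s));
            } catch (IllegalArgumentException e) {
                System.out.println(e.getMessage());
            }
        }
    }
}
```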
Affected Products
- Eddi