CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
Description
Directory traversal vulnerability in recv_file method allows arbitrary files to be written to the master cache directory.
Analysis
A directory traversal vulnerability in the recv_file method permits authenticated attackers to write arbitrary files to the master cache directory, potentially leading to code execution or system compromise. The vulnerability affects products using vulnerable file reception mechanisms and carries a critical CVSS 9.6 score with network accessibility and low complexity. While specific KEV/EPSS data was not provided in the intelligence briefing, the combination of high CVSS, low attack complexity, and authenticated-but-common access vectors suggests elevated real-world risk.
Technical Context
This vulnerability exploits improper input validation in the recv_file method, classified under CWE-22 (Improper Limitation of a Pathname to a Restricted Directory - 'Path Traversal'). The root cause involves insufficient sanitization of file paths before writing to the cache directory, allowing attackers to use path traversal sequences (e.g., '../', '..\') to escape the intended directory boundary and write files to arbitrary locations within the master cache filesystem. The affected technology likely involves distributed computing, caching systems, or remote file transfer protocols where multiple nodes interact with shared cache directories. Without specific CPE data provided, the vulnerability appears to impact cache management systems or similar infrastructure components that handle file operations across trust boundaries.
Affected Products
Specific product names, versions, and CPE strings were not provided in the intelligence briefing. However, based on the vulnerability description, affected products likely include: distributed cache systems, remote file transfer components, master-slave computing architectures, or cluster management software that implements recv_file functionality. To identify specific affected products, vendor security advisories and CVE/CPE databases (NVD, vendor security pages) should be consulted. Organizations should search their environment for: systems implementing 'recv_file' methods, software with cache directory operations, and authenticated file transfer mechanisms that may lack path traversal protections.
Remediation
1) IMMEDIATE: Identify and inventory all systems running software with vulnerable recv_file implementations.
2) PATCH: Apply vendor security updates as released (specific patch versions not provided in briefing; consult vendor advisories directly).
3) WORKAROUNDS (if patches unavailable): Implement strict input validation on all file path parameters before reaching recv_file, enforce chroot/jail restrictions on cache directory access, use allowlist-based path validation rejecting '../' and similar sequences, implement filesystem-level protections (read-only parent directories, restrictive permissions).
4) DETECTION: Monitor for HTTP requests/protocol messages containing path traversal sequences ('../', '..\', Unicode encodings) targeting recv_file endpoints; audit cache directory for unexpected files.
5) ACCESS CONTROL: Restrict authentication credentials for cache systems; implement network segmentation limiting access to cache directories.
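One way to implement the path validation from workaround 3, as an added example that is not the affected product's code. `resolve_in_cache`, `UnsafePath`, `audit`, `demo` and the sample paths are hypothetical names constructed here; the check confirms containment after resolution instead of only rejecting '../', so a symlink already inside the cache is caught as well.

```python
import os
import tempfile

class UnsafePath(ValueError):
    """A client-supplied path would land outside the cache root."""

def resolve_in_cache(cache_root, client_path):
    """Return the absolute write target under cache_root, or raise UnsafePath."""
    # Treat '\\' as a separator too, so '..\\' is caught on POSIX hosts.
    parts = client_path.replace("\\", "/").split("/")
    if client_path[:1] in ("/", "\\") or os.path.isabs(client_path):
        raise UnsafePath("absolute path: %r" % client_path)
    if ".." in parts or "\x00" in client_path:
        raise UnsafePath("traversal component: %r" % client_path)
    root = os.path.realpath(cache_root)
    # realpath resolves symlinks that already exist inside the cache.
    target = os.path.realpath(os.path.join(root, *parts))
    if target == root:
        raise UnsafePath("empty path: %r" % client_path)
    if os.path.commonpath([root, target]) != root:
        raise UnsafePath("escapes cache root: %r" % client_path)
    return target

def audit(cache_root, candidates):
    """Map each candidate path to 'ok' or the reason it was rejected."""
    results = {}
    for cand in candidates:
        try:
            resolve_in_cache(cache_root, cand)
            results[cand] = "ok"
        except UnsafePath as exc:
            results[cand] = str(exc).split(":")[0]
    return results

def demo():
    # Constructed input: a throwaway cache holding one symlink that points outside it.
    with tempfile.TemporaryDirectory() as tmp:
        cache, outside = os.path.join(tmp, "cache"), os.path.join(tmp, "outside")
        os.makedirs(cache)
        os.makedirs(outside)
        os.symlink(outside, os.path.join(cache, "link"))
        return audit(cache, ["node1/files/report.txt", "../outside/x",
                             "a/..\\..\\x", "/etc/cron.d/x", "link/x", ""])

if __name__ == "__main__":
    for path, verdict in demo().items():
        print("%-28r %s" % (path, verdict))
```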
Vendor Status
Ubuntu
Priority: Medium

| Release | Status | Version |
|---|---|---|
| trusty | needs-triage | - |
| xenial | needs-triage | - |
| bionic | needs-triage | - |
| jammy | needs-triage | - |
| noble | DNE | - |
| oracular | DNE | - |
| plucky | DNE | - |
| upstream | needs-triage | - |
| questing | DNE | - |
Debian
| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| (unstable) | fixed | (unfixed) | - |
EUVD-2024-54682
GHSA-8pcp-r83j-fc92