CVE-2024-51998
HIGHSeverity by source
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Primary rating from Vendor (github) · only source for this CVE.
CVSS VectorVendor: github
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
changedetection.io is a free open source web page change detection tool. The validation for the file URI scheme falls short, and results in an attacker being able to read any file on the system. This issue only affects instances with a webdriver enabled, and ALLOW_FILE_URI false or not defined. The check used for URL protocol, is_safe_url, allows file: as a URL scheme. It later checks if local files are permitted, but one of the preconditions for the check is that the URL starts with file://. The issue comes with the fact that the file URI scheme is not required to have double slashes. This issue has been addressed in version 0.47.06 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
AnalysisAI
changedetection.io is a free open source web page change detection tool. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Path Traversal (CWE-22), which allows attackers to access files and directories outside the intended path. changedetection.io is a free open source web page change detection tool. The validation for the file URI scheme falls short, and results in an attacker being able to read any file on the system. This issue only affects instances with a webdriver enabled, and ALLOW_FILE_URI false or not defined. The check used for URL protocol, is_safe_url, allows file: as a URL scheme. It later checks if local files are permitted, but one of the preconditions for the check is that the URL starts with file://. The issue comes with the fact that the file URI scheme is not required to have double slashes. This issue has been addressed in version 0.47.06 and all users are advised to upgrade. There are no known workarounds for this vulnerability. Version information: version 0.47.06.
Affected ProductsAI
See vendor advisory for affected versions.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate and canonicalize file paths. Use chroot or sandboxing. Reject input containing path separators or '../' sequences.
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today