Cyber Resilience

CVE-2024-23822

MediumPublic PoC

Published: 29 January 2024

Published
29 January 2024
Modified
21 November 2024
KEV Added
Patch
CVSS Score v3.1 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
EPSS Score 0.0030 54.1th percentile
Risk Priority 11 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-23822 is a medium-severity Path Traversal (CWE-22) vulnerability in Thruk Thruk. Its CVSS base score is 5.4 (Medium).

Operationally, ranked in the top 45.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

EU & UK References

Vulnerability details

Thruk is a multibackend monitoring webinterface. Prior to 3.12, the Thruk web monitoring application presents a vulnerability in a file upload form that allows a threat actor to arbitrarily upload files to the server to any path they desire and…

more

have permissions for. This vulnerability is known as Path Traversal or Directory Traversal. Version 3.12 fixes the issue.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

thruk
thruk
≤ 3.12

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-22

Validates pathnames and filenames to prevent traversal outside intended directories.

References