CVE-2024-34470
Published: 06 May 2024
Summary
CVE-2024-34470 is a high-severity Path Traversal: '\..\filename' (CWE-29) vulnerability in Hsclabs Mailinspector. Its CVSS base score is 8.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 0.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Deeper analysis
CVE-2024-34470 is an unauthenticated path traversal vulnerability affecting HSC Mailinspector versions 5.2.17-3 through 5.2.18. It resides in the /public/loader.php endpoint, where the path parameter is not checked for staying inside the webroot before the named file or directory is opened, allowing arbitrary file reads on the underlying server. The flaw is tracked under CWE-29 and carries a CVSS 3.1 base score of 8.6 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N: network-reachable, no privileges or user interaction, changed scope, high confidentiality impact only).
An attacker with network access can exploit the issue without credentials or user interaction by supplying crafted path values that traverse outside the intended directory tree. Successful exploitation yields high-impact disclosure of sensitive files on the server, with the vulnerability's changed scope increasing potential reach beyond the vulnerable application.
Public proof-of-concept code demonstrating the traversal has been published on GitHub. The associated EPSS score currently stands at 0.9278 after reaching a peak of 0.9367, reflecting elevated and sustained exploitation interest following disclosure.
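The class of check the advisory says loader.php lacks, as an added example that is not code from the HSC Mailinspector project (which is PHP; the check is shown here in Python so it can be run stand-alone): resolve the user-supplied path against the webroot and refuse anything that does not land inside it. The endpoint and parameter names come from the page; the webroot layout, the file names and the helper names are assumptions for the example. It also covers the CWE-29 backslash form, percent-encoded and double-encoded dots, NUL bytes and a symlink escape, which a plain string-normalisation check misses.

```python
import os
import shutil
import tempfile
from urllib.parse import unquote


class PathTraversalError(ValueError):
    """Raised when a user-supplied path would escape the webroot."""


def _decode(user_path: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly (bounded) so a double-encoded '%252e%252e'
    cannot slip past a check that decodes only once."""
    cur = user_path
    for _ in range(rounds):
        nxt = unquote(cur)
        if nxt == cur:
            break
        cur = nxt
    return cur


def resolve_in_webroot(webroot: str, user_path: str) -> str:
    """Return the absolute, symlink-resolved path for user_path if and only if
    it lies inside webroot; otherwise raise PathTraversalError.

    Normalising the string alone (os.path.normpath) is not enough: a symlink
    inside the webroot can still point outside it, so both root and candidate
    are passed through os.path.realpath() before the containment test."""
    decoded = _decode(user_path)
    if "\x00" in decoded:
        raise PathTraversalError("NUL byte in path")
    # CWE-29 is the backslash variant ('\..\filename'); treat '\' as '/' so
    # '..\..\etc\passwd' is normalised exactly like '../../etc/passwd'.
    normalized = decoded.replace("\\", "/")
    if normalized.startswith("/"):
        raise PathTraversalError("absolute paths are not allowed")
    root = os.path.realpath(webroot)
    candidate = os.path.realpath(os.path.join(root, normalized))
    # commonpath() compares whole components, so '/srv/public2' is not taken
    # for a child of '/srv/public' (a plain startswith() check would be fooled).
    if os.path.commonpath([root, candidate]) != root:
        raise PathTraversalError(f"{user_path!r} resolves outside the webroot")
    return candidate


def demo() -> dict:
    """Build a throwaway webroot (a constructed fixture, not real data), run a
    set of inputs through the check and return {input: 'allowed'|'rejected'}."""
    base = tempfile.mkdtemp()
    root = os.path.join(base, "public")
    os.makedirs(os.path.join(root, "css"))
    with open(os.path.join(root, "css", "app.css"), "w") as fh:
        fh.write("body{}")
    with open(os.path.join(base, "secret.txt"), "w") as fh:
        fh.write("outside the webroot")
    # A symlink inside the webroot that points outside it.
    os.symlink(os.path.join(base, "secret.txt"), os.path.join(root, "leak"))

    cases = [
        "css/app.css",            # legitimate request
        "css/../css/app.css",     # dot-dot that stays inside the root
        "../secret.txt",          # classic traversal
        "..\\secret.txt",         # CWE-29 backslash form
        "%2e%2e/secret.txt",      # percent-encoded dots
        "%252e%252e/secret.txt",  # double percent-encoded dots
        "leak",                   # symlink escape
        "/etc/hostname",          # absolute path
        "css/app.css%00.png",     # NUL-byte truncation attempt
    ]
    verdicts = {}
    try:
        for case in cases:
            try:
                resolve_in_webroot(root, case)
                verdicts[case] = "allowed"
            except PathTraversalError:
                verdicts[case] = "rejected"
    finally:
        shutil.rmtree(base)
    return verdicts


if __name__ == "__main__":
    for path, verdict in demo().items():
        print(f"{verdict:8} {path}")
```

In a real handler the returned path would additionally be checked with os.path.isfile() (or an allow-list of extensions) before being served; the containment test only answers "is it inside the root", not "should this file ever be downloadable".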
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-34819
Vulnerability details
An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An Unauthenticated Path Traversal vulnerability exists in the /public/loader.php file. The path parameter does not properly filter whether the file and directory passed are part of the webroot, allowing an attacker to read arbitrary files on the server.
- CWE(s): CWE-29 Path Traversal: '\..\filename'
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Unauthenticated path traversal in public-facing web app (T1190) enables arbitrary file reads (T1005), file/directory discovery (T1083), local account discovery via /etc/passwd (T1087.001), and OS credential dumping via /etc/passwd and /etc/shadow (T1003.008).
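For the detection side of the chain above (T1190 leading to T1005 or T1003.008), an added example that is not from the page or from HSC: a small scanner over web-server access logs that flags requests to /public/loader.php whose path value contains a traversal sequence after decoding, tags each hit with the ATT&CK technique it evidences, and uses the response status and size as a rough success indicator. The endpoint and parameter names are the advisory's; the log format regex, the file list and the sample log lines are constructed for the example, and the published PoC's exact request is not reproduced.

```python
import re
from typing import Iterable, Iterator, List, Optional
from urllib.parse import parse_qs, unquote, urlsplit

# Common/combined log format (constructed pattern; adapt to your server).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<bytes>\S+)'
)

# '..' bounded by '/' or '\' or the string ends; '\' covers CWE-29's '\..\' form.
TRAVERSAL_RE = re.compile(r'(?:^|[\\/])\.\.(?:[\\/]|$)')

# Targets whose retrieval maps to a specific sub-technique rather than T1005.
CREDENTIAL_FILES = ("/etc/passwd", "/etc/shadow")

VULN_PATH = "/public/loader.php"  # endpoint named in the advisory
VULN_PARAM = "path"               # parameter named in the advisory


def _decoded_param(target: str, name: str) -> Optional[str]:
    """Return the named query parameter fully percent-decoded, or None."""
    values = parse_qs(urlsplit(target).query, keep_blank_values=True).get(name)
    if not values:
        return None
    # parse_qs decodes once; decode again so '%252e%252e' is also seen as '..'.
    return unquote(values[0])


def classify(path_value: str) -> List[str]:
    """Map a decoded path value to the ATT&CK techniques it evidences."""
    techniques = ["T1190"]  # exploit attempt against a public-facing app
    normalized = path_value.replace("\\", "/")
    if normalized.endswith(CREDENTIAL_FILES):
        techniques.append("T1003.008")  # OS Credential Dumping: /etc/passwd and /etc/shadow
    else:
        techniques.append("T1005")      # Data from Local System
    return techniques


def scan(lines: Iterable[str]) -> Iterator[dict]:
    """Yield one finding per request that hits VULN_PATH with a traversal
    sequence in VULN_PARAM. 'succeeded' is a heuristic: HTTP 200 with a body."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m or urlsplit(m["target"]).path != VULN_PATH:
            continue
        value = _decoded_param(m["target"], VULN_PARAM)
        if value is None or not TRAVERSAL_RE.search(value):
            continue
        size = 0 if m["bytes"] == "-" else int(m["bytes"])
        yield {
            "ip": m["ip"],
            "ts": m["ts"],
            "path": value,
            "techniques": classify(value),
            "succeeded": int(m["status"]) == 200 and size > 0,
        }


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [07/May/2024:10:01:02 +0000] "GET /public/loader.php?path=css/app.css HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [07/May/2024:10:01:09 +0000] "GET /public/loader.php?path=../../../../etc/passwd HTTP/1.1" 200 1834 "-" "curl/8.4.0"',
    '203.0.113.7 - - [07/May/2024:10:01:11 +0000] "GET /public/loader.php?path=..%2F..%2F..%2Fetc%2Fshadow HTTP/1.1" 200 1102 "-" "curl/8.4.0"',
    r'203.0.113.7 - - [07/May/2024:10:01:15 +0000] "GET /public/loader.php?path=..\..\..\etc\hostname HTTP/1.1" 404 - "-" "curl/8.4.0"',
    '198.51.100.2 - - [07/May/2024:10:02:00 +0000] "GET /index.php?path=../x HTTP/1.1" 200 4000 "-" "Mozilla/5.0"',
]


def demo() -> List[dict]:
    """Run the scanner over the constructed sample and return its findings."""
    return list(scan(SAMPLE_LOG))


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

The scanner is deliberately scoped to the one endpoint and parameter so it stays quiet on unrelated traffic; widen VULN_PATH to a set if other file-serving endpoints exist, and treat a 200 with a non-trivial body on a traversal request as the trigger for pulling the server for forensic review rather than as proof of compromise on its own.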
Affected Assets
HSC Mailinspector 5.2.17-3 through 5.2.18
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.