Cyber Resilience

CVE-2024-43033

HighPublic PoC

Published: 22 August 2024

Published
22 August 2024
Modified
03 June 2025
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0150 81.5th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-43033 is a high-severity Improper Handling of Windows ::DATA Alternate Data Stream (CWE-69) vulnerability in Jpress Jpress. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique NTFS File Attributes (T1564.004); ranked in the top 18.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

EU & UK References

Vulnerability details

JPress through 5.1.1 on Windows has an arbitrary file upload vulnerability that could cause arbitrary code execution via ::$DATA to AttachmentController, such as a .jsp::$DATA file to io.jpress.web.commons.controller.AttachmentController#upload. NOTE: this is unrelated to the attack vector for CVE-2024-32358.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1564.004 NTFS File Attributes Stealth
Adversaries may use NTFS file attributes to hide their malicious data in order to evade detection.
T1505.003 Web Shell Persistence
Adversaries may backdoor web servers with web shells to establish persistent access to systems.
T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Arbitrary file upload in public-facing JPress web app (T1190) enables RCE via web shells like .jsp::$DATA (T1100, T1505.003), leveraging NTFS alternate data streams for evasion (T1096).

Affected Assets

jpress
jpress
≤ 5.1.1

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References