Cyber Resilience

CVE-2024-57176

HighPublic PoC

Published: 21 February 2025

Published
21 February 2025
Modified
21 August 2025
KEV Added
Patch
CVSS Score v3.1 7.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
EPSS Score 0.0016 36.6th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-57176 is a high-severity Incomplete Model of Endpoint Features (CWE-437) vulnerability in Antabot White-Jotter. Its CVSS base score is 7.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 36.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-4 (Information Flow Enforcement).

Deeper analysis

CVE-2024-57176 is a directory traversal vulnerability in the shiroFilter function of the White-Jotter project version 0.2.2. The issue enables attackers to access sensitive endpoints via a crafted URL. It carries a CVSS v3.1 base score of 7.6 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L) and is classified under CWE-437.

The vulnerability can be exploited remotely by an attacker with low privileges over the network with low attack complexity and no user interaction required. Successful exploitation allows directory traversal to reach sensitive endpoints, resulting in high confidentiality impact through unauthorized data access, along with low-level integrity modification and availability disruption.

The referenced advisory at https://github.com/DYX217/Incorrect-Access-Control provides further details on this incorrect access control issue.

EU & UK References

Vulnerability details

An issue in the shiroFilter function of White-Jotter project v0.2.2 allows attackers to execute a directory traversal and access sensitive endpoints via a crafted URL.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The vulnerability enables directory traversal to bypass Shiro authentication filters and access sensitive admin endpoints (e.g., /api/admin/content/article) in the public-facing White-Jotter web application, facilitating exploitation of public-facing applications.

CVEs Like This One

CVE-2024-55629Shared CWE-437

Affected Assets

antabot
white-jotter
0.2.2

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Enforces approved authorizations to directly prevent directory traversal that bypasses access controls to sensitive endpoints.

prevent

Validates information inputs such as crafted URLs to block directory traversal payloads before they reach sensitive endpoints.

prevent

Enforces information flow controls to restrict unauthorized traversal between directories and sensitive endpoints.

References