Platform
linux
Component
pi-hole
Fixed in
5.18.1
CVE-2024-28247 describes an Arbitrary File Access vulnerability discovered in Pi-hole, a popular DNS sinkhole. This flaw allows authenticated users to read internal server files, potentially exposing sensitive data and configuration information. The vulnerability impacts Pi-hole versions 5.17 and earlier, and a fix is available in version 5.18.
An attacker exploiting this vulnerability could gain access to internal server files within the Pi-hole installation. Because Pi-hole often runs with elevated privileges, this access could expose sensitive configuration data, API keys, or other credentials used by the system. The ability to read these files could enable further compromise of the network, potentially leading to lateral movement or data exfiltration. The impact is amplified in environments where Pi-hole is used as a central DNS server for multiple devices, as a compromised Pi-hole could expose the DNS configuration of the entire network.
CVE-2024-28247 was publicly disclosed on March 27, 2024. There is currently no indication of active exploitation in the wild, and it is not listed on CISA KEV. Public proof-of-concept (PoC) code is not widely available, but the vulnerability's nature suggests it could be relatively easy to exploit once a suitable PoC is developed. The EPSS score is likely to be assessed as medium, given the requirement for authentication and the lack of widespread exploitation.
Organizations and individuals relying on Pi-hole for DNS filtering are at risk, particularly those running older versions (≤5.17). Shared hosting environments where multiple users share a Pi-hole instance are especially vulnerable, as a compromised account on one user's site could potentially be used to exploit the vulnerability on others' sites. Those with custom adlists referencing local files are also at increased risk.
• linux / server:
journalctl -u pihole -g "file*"
• linux / server:
ps aux | grep -i 'file*'
• generic web: Use curl to test for file access via the adlist endpoint. Check for responses indicating successful file reads.
curl -v 'http://pihole_ip/admin/settings.php?tab=adlists&list=file:///etc/pihole/pihole-FTL.conf' 2>&1 | grep 'HTTP/1.1 200 OK'
disclosure
Exploit status
EPSS
5.58% (90th percentile)
CVSS vector
The primary mitigation for CVE-2024-28247 is to upgrade Pi-hole to version 5.18 or later, which contains the fix. If an immediate upgrade is not possible due to compatibility issues or testing requirements, consider restricting access to the Pi-hole web interface to trusted users only. Review the list of 'Adlists' and ensure no entries begin with 'file*' to prevent local file access attempts. Monitor Pi-hole logs for any unusual file access attempts or errors related to adlist processing. While a WAF cannot directly prevent this vulnerability, it can be configured to detect and block suspicious requests targeting file access endpoints.
Upgrade Pi-hole to version 5.18 or later. This update fixes the vulnerability that allows arbitrary file reads with root privileges. You can update through the Pi-hole web interface or from the command line.
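The adlist review recommended above can be scripted. This is an added example, not code from Pi-hole or from the advisory; it assumes adlists are stored in a SQLite table named adlist with id, address and enabled columns (as in the Pi-hole v5 gravity database, to be verified on your install), and it runs against a constructed in-memory sample.

```python
import sqlite3

# Assumed schema: a SQLite "adlist" table with "id", "address" and "enabled"
# columns. Adjust the query if your installation differs.
QUERY = "SELECT id, address, enabled FROM adlist ORDER BY id"
ALLOWED_PREFIXES = ("http://", "https://")


def classify(address):
    """Return None for an ordinary remote list, else a reason string."""
    normalized = (address or "").strip().lower()
    if normalized.startswith("file"):
        return "local-file"          # the 'file*' prefix named in the mitigation
    if not normalized.startswith(ALLOWED_PREFIXES):
        return "unexpected-scheme"   # anything that is not plain http(s)
    return None


def audit_adlists(conn):
    """Return (id, address, enabled, reason) for every suspicious adlist."""
    findings = []
    for row_id, address, enabled in conn.execute(QUERY):
        reason = classify(address)
        if reason:
            findings.append((row_id, address, bool(enabled), reason))
    return findings


def build_sample_db():
    """Constructed in-memory database standing in for a real adlist table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE adlist (id INTEGER PRIMARY KEY, address TEXT, enabled INTEGER)"
    )
    conn.executemany(
        "INSERT INTO adlist (id, address, enabled) VALUES (?, ?, ?)",
        [
            (1, "https://lists.example.org/hosts.txt", 1),
            (2, "file:///etc/pihole/pihole-FTL.conf", 1),
            (3, "  FILE:///etc/pihole/pihole-FTL.conf", 0),  # case and padding
            (4, "ftp://lists.example.org/hosts.txt", 1),
        ],
    )
    return conn


if __name__ == "__main__":
    for finding in audit_adlists(build_sample_db()):
        print(finding)
```

Disabled entries are reported as well, since a disabled list can be re-enabled later by any authenticated user.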
CVE-2024-28247 is a vulnerability in Pi-hole versions 5.17 and earlier that allows authenticated users to read internal server files, potentially exposing sensitive data.
You are affected if you are running Pi-hole version 5.17 or earlier. Upgrade to version 5.18 or later to resolve the issue.
Upgrade Pi-hole to version 5.18 or later. Restrict access to the web interface and implement strong password policies as interim measures.
There is currently no public evidence of active exploitation, but the vulnerability's ease of exploitation warrants immediate attention.
Refer to the official Pi-hole security advisory: https://github.com/pi-hole/pi-hole/security/advisories/GHSA-9g92-3945-389x