Plattform
other
Komponente
anka-build
Behoben in
1.42.1
CVE-2024-41922 describes a directory traversal vulnerability affecting Veertu Anka Build versions 1.42.0. This flaw allows an attacker to potentially disclose sensitive information by manipulating the log file download functionality. The vulnerability is triggered by a specially crafted unauthenticated HTTP request. A patch, version 1.42.1, has been released to address this issue.
The primary impact of CVE-2024-41922 is the potential for unauthorized disclosure of sensitive information. An attacker exploiting this vulnerability could craft a malicious HTTP request to traverse directories beyond the intended log file download location. This could lead to the exposure of configuration files, source code, or other confidential data stored on the system. The unauthenticated nature of the vulnerability means that no prior authentication is required to exploit it, significantly broadening the potential attack surface. While the description doesn't detail specific data at risk, the ability to traverse directories suggests a wide range of potential targets.
CVE-2024-41922 was publicly disclosed on 2024-10-03. No public proof-of-concept (PoC) code has been identified as of this writing. The vulnerability's unauthenticated nature and relatively straightforward exploitation path suggest a potential for opportunistic exploitation. It is not currently listed on the CISA KEV catalog, and exploitation is not confirmed.
Organizations utilizing Veertu Anka Build version 1.42.0, particularly those with publicly accessible log file download endpoints, are at risk. Shared hosting environments where multiple users share the same Anka Build instance are also potentially vulnerable.
disclosure
Exploit-Status
EPSS
5.24% (90% Perzentil)
CVSS-Vektor
The recommended mitigation for CVE-2024-41922 is to immediately upgrade Veertu Anka Build to version 1.42.1 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds such as restricting network access to the log file download endpoint. Employing a Web Application Firewall (WAF) with rules to filter out directory traversal attempts can also provide a layer of protection. Regularly review and audit access controls to the Anka Build environment to minimize the potential impact of a successful exploit.
Actualice a una versión parcheada de Veertu Anka Build que solucione la vulnerabilidad de path traversal. Consulte el sitio web del proveedor para obtener la última versión y las instrucciones de actualización. Aplique las actualizaciones de seguridad tan pronto como estén disponibles.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2024-41922 is a directory traversal vulnerability in Veertu Anka Build versions 1.42.0, allowing attackers to potentially access sensitive files via HTTP requests.
If you are using Veertu Anka Build version 1.42.0, you are potentially affected by this vulnerability. Upgrade to 1.42.1 or later to mitigate the risk.
The recommended fix is to upgrade Veertu Anka Build to version 1.42.1 or a later version. As a temporary workaround, restrict access to the log file download endpoint using a WAF.
As of the current date, there are no confirmed reports of CVE-2024-41922 being actively exploited in the wild.
Please refer to the Veertu security advisory for CVE-2024-41922 on the Veertu website for detailed information and updates.
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.