Platform
nodejs
Component
idurar-erp-crm
Fixed in
4.1.1
CVE-2024-47769 describes a path traversal vulnerability in IDURAR ERP CRM, an open-source ERP and CRM accounting application built on Node.js. An unauthenticated attacker can read files on the server by manipulating a URL parameter. Versions 4.1.0 and earlier are affected; version 4.1.1 contains the fix.
The flaw is in corePublicRouter.js, where a user-supplied path segment is passed into a path.join() call without adequate sanitization. The check that is meant to reject traversal sequences can be bypassed because it does not account for URL-encoded input: a request carrying encoded traversal sequences (for example %2e%2e%2f for ../) passes the check and, once decoded, escapes the intended public directory, so the server returns any file the Node.js process can read. Likely targets are configuration and environment files (which in a typical Node.js deployment hold database credentials and application secrets), source code and other sensitive data. The advisory describes only file disclosure; whether an attacker can go further, up to code execution, depends on what the disclosed files contain, such as credentials that are reusable elsewhere.
CVE-2024-47769 was publicly disclosed on 2024-10-04. There is currently no indication of active exploitation campaigns targeting this vulnerability. The vulnerability is not listed on the CISA KEV catalog at the time of this writing. Public proof-of-concept exploits are not widely available, but the vulnerability's nature makes it relatively straightforward to exploit given the lack of input validation.
Organizations running IDURAR ERP CRM version 4.1.0 or earlier are at risk. Because the vulnerable route requires no authentication and reads from the server's filesystem with the privileges of the Node.js process, hosts where IDURAR shares a server with other applications or tenants are at elevated risk: a single unauthenticated request can expose files belonging to anything that process can read, not only IDURAR's own data.
• nodejs / server:
grep -r 'corePublicRouter.js' /var/www/html/
Locates references to the vulnerable router under the given web root (adjust the path to your deployment). This only confirms the component is present; read the version from the install's package.json and treat anything at or below 4.1.0 as affected.
• nodejs / server:
journalctl -u node | grep -iE '\.\./|%2e%2e|\.\.%2f'
Replace `node` with the systemd unit that runs the application. Node.js does not log the words "path traversal" by itself, so only request-logging middleware or the front-end proxy will show attempts; the pattern above matches literal and percent-encoded traversal sequences.
• generic web:
Inspect access logs for requests containing suspicious path traversal sequences like ../ or encoded equivalents (e.g., %2e%2e%2f, ..%2f, %2e%2e/), including double-encoded forms (%252e%252e%252f) and backslash variants (..%5c). Decode before matching: a filter that only looks for the literal string ../ misses exactly the payloads this vulnerability is about.
• generic web:
Use curl to attempt path traversal, with --path-as-is so curl does not collapse the dot segments client-side before the request is sent:
curl --path-as-is -i 'http://<target>/../../../../etc/passwd'
curl --path-as-is -i 'http://<target>/..%2f..%2f..%2f..%2fetc%2fpasswd'
After mitigation expect a 4xx (or similar error) with no file contents in the body; a 200 whose body looks like a passwd file means the host is still exploitable.
disclosure
Exploit status
EPSS
1.00% (77th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-47769 is to upgrade IDURAR ERP CRM to version 4.1.1 or later, which contains the fix. If upgrading is not immediately feasible, a Web Application Firewall rule can block requests carrying directory traversal sequences, but it must match on the decoded path, including double-encoded and backslash variants such as %252e%252e%252f and ..%5c; a rule that only looks for the literal ../ is bypassed the same way the application's own check is. The routes served by corePublicRouter.js are, as the name suggests, meant for unauthenticated file access, so "restricting access" means placing the whole application behind authentication, a VPN or an IP allow-list rather than expecting the router to enforce it. Review the application's other file-serving code for the same pattern. After upgrading, confirm the fix by requesting a file outside the intended directory with a crafted URL (use curl --path-as-is, otherwise curl normalises the ../ away before sending); the request should be rejected and no file contents returned.
Update IDURAR ERP CRM to the version that fixes the path traversal vulnerability. Consult the security advisory on GitHub for details of the fixed version and upgrade instructions. As a temporary measure, review and validate user input in corePublicRouter.js to prevent path manipulation.
CVE-2024-47769 is a Path Traversal vulnerability in IDURAR ERP CRM versions 4.1.0 and below, allowing unauthenticated attackers to potentially read system files.
You are affected if you are running IDURAR ERP CRM version 4.1.0 or earlier. Upgrade to 4.1.1 to mitigate the risk.
Upgrade IDURAR ERP CRM to version 4.1.1 or later. Implement WAF rules to block suspicious path traversal attempts as a temporary workaround.
Public proof-of-concept exploits were not widely available at the time of writing, but the flaw requires no authentication and little skill to exploit, so it is a likely target. Proactive mitigation is recommended.
Refer to the IDURAR project's official website and GitHub repository for updates and security advisories related to CVE-2024-47769.