Platform
rust
Component
jj-lib
Fixed in
0.23.1
0.23.0
CVE-2024-51990 describes a Path Traversal vulnerability discovered in jj-lib, a Git-compatible data store. This vulnerability allows attackers to write files outside the intended clone directory by leveraging specially crafted Git repositories. The vulnerability impacts versions of jj-lib prior to 0.23.0. A fix has been released in version 0.23.0, and users are advised to upgrade.
The primary impact of CVE-2024-51990 is the potential for arbitrary file writes. An attacker who can control the contents of a Git repository cloned by jj-lib can craft a repository containing file objects with path traversal sequences. This allows the attacker to specify arbitrary file paths outside the intended clone directory, effectively writing files to locations they shouldn't have access to. The blast radius depends on the permissions of the user running jj-lib; a privileged user could potentially compromise the entire system. This vulnerability is similar in concept to other path traversal exploits, where attackers manipulate file paths to access or modify unauthorized resources.
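The class of check that stops the traversal described above, as an added example: this is not jj-lib's code or its actual fix, and `safe_join`, `rejected`, `PathError` and the sample paths are hypothetical names and constructed inputs. It validates each component of a repository-supplied path before joining it onto the clone directory.

```rust
use std::path::{Component, Path, PathBuf};

/// Why an untrusted repository path was refused (hypothetical type).
#[derive(Debug, PartialEq)]
pub enum PathError {
    Empty,
    Absolute,
    BadComponent(String),
}

/// Join a '/'-separated path taken from repository data onto `root`,
/// refusing anything that could resolve outside `root`.
pub fn safe_join(root: &Path, repo_path: &str) -> Result<PathBuf, PathError> {
    if repo_path.is_empty() {
        return Err(PathError::Empty);
    }
    if repo_path.starts_with('/') {
        return Err(PathError::Absolute);
    }
    let mut out = root.to_path_buf();
    for name in repo_path.split('/') {
        // Each name must parse as exactly one ordinary component on the
        // host platform: this rejects "", ".", ".." and, on Windows,
        // names holding a backslash separator or a drive prefix.
        let mut comps = Path::new(name).components();
        match (comps.next(), comps.next()) {
            (Some(Component::Normal(_)), None) => out.push(name),
            _ => return Err(PathError::BadComponent(name.to_string())),
        }
    }
    Ok(out)
}

/// Return the entries of a file listing that must not be written,
/// each with the reason it was refused.
pub fn rejected<'a>(root: &Path, entries: &[&'a str]) -> Vec<(&'a str, PathError)> {
    entries
        .iter()
        .filter_map(|e| safe_join(root, e).err().map(|err| (*e, err)))
        .collect()
}

fn main() {
    // Constructed sample listing, not taken from any real repository.
    let entries = ["src/main.rs", "../outside.txt", "docs/../../x", "/abs", "a//b"];
    for (path, why) in rejected(Path::new("/work/clone"), &entries) {
        println!("refused {:?}: {:?}", path, why);
    }
}
```

The check is purely lexical: it does not account for symlinks that already exist inside the destination directory.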
CVE-2024-51990 was publicly disclosed on 2024-11-07. There are no known active exploitation campaigns targeting this vulnerability at the time of writing. A public proof-of-concept (PoC) was provided in the original report by @joernchen, demonstrating the vulnerability's exploitability. The vulnerability is not currently listed on the CISA KEV catalog.
Developers and users who rely on jj-lib for managing Git repositories, particularly those who clone repositories from external or untrusted sources, are at risk. This includes individuals and organizations using jj-lib in automated build pipelines or CI/CD systems where repository content is dynamically managed.
• rust / supply-chain: Examine Cargo.toml files for dependencies on jj-lib versions prior to 0.23.0. Use cargo audit to identify vulnerable dependencies.
• generic web: Monitor file system activity for unexpected writes outside the expected clone directory.
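# Example: audit writes and attribute changes under /tmp, tagged with the key jj-lib-writes
# (the watch covers every process, so filter the resulting records for the jj process)
sudo auditctl -w /tmp -p wa -k jj-lib-writes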
Exploit status
EPSS: 0.17% (39th percentile)
The primary mitigation for CVE-2024-51990 is to upgrade to version 0.23.0 or later of jj-lib. If upgrading is not immediately feasible, the most effective workaround is to strictly avoid cloning Git repositories from untrusted sources. Carefully vet the origin and contents of any repository before cloning it with jj-lib. There are no specific WAF or proxy rules that can directly mitigate this vulnerability, as it occurs during the file processing stage within jj-lib itself. Monitoring file system activity for unexpected writes outside the expected clone directory could provide some detection capabilities, but this is not a substitute for patching.
Update jj to version 0.23.0 or later. If you cannot update, avoid cloning repositories from unknown sources to mitigate the path traversal risk. Updating is the recommended solution to protect against this vulnerability.
CVE-2024-51990 is a Path Traversal vulnerability in jj-lib, allowing attackers to write files outside the intended clone directory using crafted Git repositories.
You are affected if you are using a version of jj-lib prior to 0.23.0 and clone repositories from untrusted sources.
Upgrade to version 0.23.0 or later of jj-lib. As a temporary workaround, avoid cloning repositories from untrusted sources.
There are currently no known active exploitation campaigns targeting CVE-2024-51990, but a public proof-of-concept exists.
Refer to the jj-lib project's release notes and GitHub repository for updates and advisories related to CVE-2024-51990.