HIGH · CVE-2024-28247 · CVSS 7.6

CVE-2024-28247: Arbitrary File Access in Pi-hole

Platform

linux

Component

pi-hole

Fixed in

5.18.1

AI Confidence: high · Source: NVD · EPSS 5.6% · Reviewed: May 2026

CVE-2024-28247 describes an Arbitrary File Access vulnerability discovered in Pi-hole, a popular DNS sinkhole. This flaw allows authenticated users to read internal server files, potentially exposing sensitive data and configuration information. The vulnerability impacts Pi-hole versions 5.17 and earlier, and a fix is available in version 5.18.

Impact and Attack Scenarios

An attacker exploiting this vulnerability could gain unauthorized access to internal Pi-hole server files. Because Pi-hole typically runs with elevated privileges, this access could expose sensitive configuration data, API keys, or other credentials used by the system. While the vulnerability requires authentication, a compromised user account or a successful brute-force attack could provide the necessary access. The potential impact extends beyond simple data exposure: an attacker could modify configuration files to redirect DNS queries or inject malicious content, disrupting network services and compromising user privacy. The ability to read privileged files raises the risk significantly, potentially enabling further exploitation and lateral movement within the network.

Exploitation Context

CVE-2024-28247 was publicly disclosed on March 27, 2024. There is no indication of active exploitation at this time, but the ease of exploitation and the potential impact warrant immediate attention. The vulnerability is not currently listed on CISA KEV. Public proof-of-concept exploits are not widely available, but the vulnerability's nature suggests that such exploits could be developed relatively easily.

Threat Intelligence

Exploit Status

Proof of Concept: Unknown
CISA KEV: No
Internet Exposure: High

EPSS

5.58% (90th percentile)

CVSS Vector

CVSS 3.1 vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Base score: 7.6 (HIGH)

Attack Vector: Network (how the attacker reaches the target)
Attack Complexity: Low (conditions required to exploit)
Privileges Required: Low (authentication level needed to attack)
User Interaction: None (whether a victim must take action)
Scope: Unchanged (impact beyond the vulnerable component)
Confidentiality: High (risk of sensitive data exposure)
Integrity: Low (risk of unauthorized data modification)
Availability: Low (risk of service disruption)

Source: nextguardhq.com · CVSS v3.1 Base Score
What do these metrics mean?
Attack Vector
Network — remotely exploitable over the internet. No physical or local access required. Widest attack surface.
Attack Complexity
Low — no special conditions required. Attacker can exploit reliably without depending on rare configurations or timing.
Privileges Required
Low — any valid user account is sufficient. Basic authenticated access required.
User Interaction
None — attack is automatic and silent. Victim does nothing: no click, no file open.
Scope
Unchanged — impact is limited to the vulnerable component itself.
Confidentiality
High — complete confidentiality loss. Attacker can read all data: credentials, keys, personal data.
Integrity
Low — attacker can modify some data with limited scope or impact.
Availability
Low — partial or intermittent denial of service. Attacker can degrade performance.

Affected Software

Component: pi-hole
Vendor: pi-hole
Affected range: > 5.18 – > 5.18
Fixed in: 5.18.1

Weakness Classification (CWE)

Timeline

  1. Reserved
  2. Published
  3. Modified
  4. EPSS updated

Mitigation and Workarounds

The primary mitigation for CVE-2024-28247 is to upgrade Pi-hole to version 5.18 or later, which contains the fix. If an immediate upgrade is not feasible due to compatibility concerns or system downtime requirements, consider restricting access to the Pi-hole web interface to trusted users only. Implement strong password policies and multi-factor authentication to prevent unauthorized access. Review Pi-hole's access control lists (ACLs) to ensure that only authorized users have access to sensitive features. Monitor Pi-hole logs for any suspicious activity, such as attempts to access unauthorized files. While a WAF is unlikely to directly mitigate this vulnerability, it can help detect and block malicious requests targeting the affected endpoint.

How to fix

Update Pi-hole to version 5.18 or later. This update fixes the vulnerability that allows arbitrary file reads with root privileges. You can update through the Pi-hole web interface or from the command line.

Frequently asked questions

What is CVE-2024-28247 — Arbitrary File Access in Pi-hole?

CVE-2024-28247 is a vulnerability in Pi-hole versions 5.17 and earlier that allows authenticated users to read internal server files, potentially exposing sensitive data.

Am I affected by CVE-2024-28247 in Pi-hole?

You are affected if you are running Pi-hole version 5.17 or earlier. Upgrade to version 5.18 or later to resolve the issue.

How do I fix CVE-2024-28247 in Pi-hole?

Upgrade Pi-hole to version 5.18 or later. Restrict access to the web interface and implement strong password policies as interim measures.

Is CVE-2024-28247 being actively exploited?

There is currently no public evidence of active exploitation, but the vulnerability's ease of exploitation warrants immediate attention.

Where can I find the official Pi-hole advisory for CVE-2024-28247?

Refer to the official Pi-hole security advisory: https://github.com/pi-hole/pi-hole/security/advisories/GHSA-9g92-3945-389x
