Platform: other
Component: allegra
Fixed in: 7.5.1
CVE-2023-52332 is a directory traversal vulnerability discovered in Allegra, allowing attackers to potentially disclose sensitive information. This flaw stems from inadequate validation of user-supplied paths within the serveMathJaxLibraries method, enabling unauthorized file access. The vulnerability affects Allegra versions 7.5.0 build 29 and earlier, and a fix is available in version 7.5.1.
Successful exploitation of CVE-2023-52332 allows an attacker to read arbitrary files on the server hosting Allegra. This includes potentially accessing configuration files, database backups, or other sensitive data. The lack of authentication required to exploit the vulnerability significantly broadens the attack surface. A particularly concerning outcome is the potential disclosure of stored credentials, which could then be used for further compromise of the system or network. The vulnerability’s simplicity and the lack of authentication make it a high-priority concern.
CVE-2023-52332 was reported to ZDI as ZDI-CAN-22532. Public proof-of-concept code is currently unavailable, but the vulnerability's simplicity suggests it could be easily developed. The vulnerability was publicly disclosed on 2024-11-22. The KEV status is currently unknown.
Exploit Status
EPSS: 1.85% (83rd percentile)
The primary mitigation for CVE-2023-52332 is to upgrade Allegra to version 7.5.1 or later, which contains the necessary fix. If upgrading immediately is not feasible, consider implementing temporary workarounds such as restricting access to the serveMathJaxLibraries endpoint or implementing stricter file access controls on the server. While a WAF might offer some protection, it's unlikely to be sufficient given the nature of the vulnerability. Review and harden file permissions to limit the potential impact of a successful exploit.
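The root cause described above is a static-file handler that joins a user-supplied path onto an asset directory without checking that the result stays inside it. The following is an added example, not Allegra's code and not the actual serveMathJaxLibraries implementation, showing the unchecked-join pattern next to a hardened version that canonicalises both paths and refuses anything outside the asset root. Function names, the temporary asset directory and the request strings are all constructed for illustration.

```python
import os
import tempfile
from pathlib import Path
from typing import Optional
from urllib.parse import unquote


def unsafe_static_path(base_dir: str, requested: str) -> Path:
    """The pattern behind most path traversal bugs (hypothetical helper):
    the user-supplied segment is joined to the asset root with no
    containment check, so '..' segments or an absolute path walk out."""
    return Path(base_dir) / requested


def safe_static_path(base_dir: str, requested: str) -> Optional[Path]:
    """Hardened variant (hypothetical helper): canonicalise both paths and
    serve only if the result is strictly inside the asset root.
    Returns None when the request must be rejected."""
    base = Path(base_dir).resolve()
    # Decode once. Web frameworks usually do this already; what matters is
    # that the containment check runs on the decoded form, not the raw URL.
    decoded = unquote(requested)
    # NUL bytes and absolute paths are never legitimate asset names.
    if "\x00" in decoded or Path(decoded).is_absolute():
        return None
    # resolve() collapses '..' and follows symlinks, so the check also
    # catches a symlink planted inside the asset directory.
    candidate = (base / decoded).resolve()
    if candidate == base:
        return None  # the directory itself is not a servable asset
    try:
        candidate.relative_to(base)
    except ValueError:
        return None
    return candidate


def run_demo() -> dict:
    """Build a throwaway asset root (constructed data) and record, for each
    constructed request, (unsafe_variant_escapes_root, safe_variant_allows)."""
    root = tempfile.mkdtemp(prefix="mathjax_demo_")
    (Path(root) / "MathJax.js").write_text("// constructed placeholder asset\n")
    root_resolved = str(Path(root).resolve())
    requests = [
        "MathJax.js",              # legitimate asset
        "../../etc/passwd",        # classic traversal
        "..%2F..%2Fetc%2Fpasswd",  # percent-encoded traversal
        "/etc/passwd",             # absolute path
        "config/../MathJax.js",    # contains '..' but stays inside the root
    ]
    results = {}
    for req in requests:
        unsafe = unsafe_static_path(root, req).resolve()
        escapes = not str(unsafe).startswith(root_resolved + os.sep)
        allowed = safe_static_path(root, req) is not None
        results[req] = (escapes, allowed)
    return results


if __name__ == "__main__":
    for req, (escapes, allowed) in run_demo().items():
        print(f"{req!r:28} unsafe escapes root: {escapes!s:5}  safe allows: {allowed}")
```

Note that the hardened check is about containment, not about the presence of `..`: `config/../MathJax.js` resolves back inside the root and is served, while the encoded variant is rejected only because the check runs after decoding. A blocklist on the literal string `..` would get both of those cases wrong.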
Upgrade Allegra to version 7.5.1 or later. This version fixes the directory traversal vulnerability in the serveMathJaxLibraries method.
CVE-2023-52332 is a directory traversal vulnerability in Allegra versions 7.5.0 build 29 and earlier, allowing attackers to access sensitive files.
If you are using Allegra versions 7.5.0 build 29 or earlier, you are potentially affected by this vulnerability.
Upgrade Allegra to version 7.5.1 or later to resolve this vulnerability. Consider temporary workarounds if immediate upgrade is not possible.
While no active exploitation has been publicly confirmed, the vulnerability's simplicity suggests it could be targeted.
Refer to the Allegra documentation and security advisories on the official Allegra website for the latest information.