Platform
linux
Component
pi-hole
Fixed in
5.18.1
CVE-2024-28247 describes an Arbitrary File Access vulnerability discovered in Pi-hole, a popular DNS sinkhole. This flaw allows authenticated users to read internal server files, potentially exposing sensitive data and configuration information. The vulnerability impacts Pi-hole versions 5.17 and earlier, and a fix is available in version 5.18.
An attacker exploiting this vulnerability could gain unauthorized access to internal Pi-hole server files. Because Pi-hole typically runs with elevated privileges, this access could expose sensitive configuration data, API keys, or other credentials used by the system. While the vulnerability requires authentication, a compromised user account or a successful brute-force attack could provide the necessary access. The potential impact extends beyond simple data exposure; an attacker could potentially modify configuration files to redirect DNS queries or inject malicious content, disrupting network services and compromising user privacy. The ability to read privileged files elevates the risk significantly, potentially allowing for further exploitation and lateral movement within the network.
CVE-2024-28247 was publicly disclosed on March 27, 2024. There is no indication of active exploitation at this time, but the ease of exploitation and the potential impact warrant immediate attention. The vulnerability is not currently listed on CISA KEV. Public proof-of-concept exploits are not widely available, but the vulnerability's nature suggests that such exploits could be developed relatively easily.
Exploit Status
EPSS
5.58% (90% percentile)
CVSS Vector
The primary mitigation for CVE-2024-28247 is to upgrade Pi-hole to version 5.18 or later, which contains the fix. If an immediate upgrade is not feasible due to compatibility concerns or system downtime requirements, consider restricting access to the Pi-hole web interface to trusted users only. Implement strong password policies and multi-factor authentication to prevent unauthorized access. Review Pi-hole's access control lists (ACLs) to ensure that only authorized users have access to sensitive features. Monitor Pi-hole logs for any suspicious activity, such as attempts to access unauthorized files. While a WAF is unlikely to directly mitigate this vulnerability, it can help detect and block malicious requests targeting the affected endpoint.
Actualice Pi-hole a la versión 5.18 o superior. Esta actualización corrige la vulnerabilidad que permite la lectura arbitraria de archivos con privilegios de root. Puede actualizar a través de la interfaz web de Pi-hole o mediante la línea de comandos.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2024-28247 is a vulnerability in Pi-hole versions 5.17 and earlier that allows authenticated users to read internal server files, potentially exposing sensitive data.
You are affected if you are running Pi-hole version 5.17 or earlier. Upgrade to version 5.18 or later to resolve the issue.
Upgrade Pi-hole to version 5.18 or later. Restrict access to the web interface and implement strong password policies as interim measures.
There is currently no public evidence of active exploitation, but the vulnerability's ease of exploitation warrants immediate attention.
Refer to the official Pi-hole security advisory: https://github.com/pi-hole/pi-hole/security/advisories/GHSA-9g92-3945-389x
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.