BuddyPress <= 14.1.0 - Authenticated (Subscriber+) Directory Traversal
traduzindo…Plataforma
wordpress
Componente
buddypress
Corrigido em
14.1.1
CVE-2024-10011 is a Directory Traversal vulnerability discovered in the BuddyPress plugin for WordPress. This flaw allows authenticated attackers with Subscriber-level access or higher to access files outside the intended directory, potentially leading to sensitive data exposure or malicious file uploads. The vulnerability impacts versions of BuddyPress up to and including 14.1.0, and is specifically observed on Windows systems. A patch is available.
Detecte esta CVE no seu projeto
Envie seu arquivo de dependências e descubra na hora se esta e outras CVEs te atingem.
Impacto e Cenários de Ataquetraduzindo…
The Directory Traversal vulnerability in BuddyPress allows authenticated attackers to bypass intended file access restrictions. By manipulating the 'id' parameter, an attacker can navigate the file system and potentially read or write files outside the web root. This could lead to the exposure of sensitive configuration files, database credentials, or other critical data. Furthermore, the ability to upload files to directories outside the web root presents a significant risk, as attackers could potentially execute arbitrary code or compromise the entire server. The vulnerability’s restriction to Windows environments narrows the immediate scope, but still poses a risk for WordPress installations on Windows servers.
Contexto de Exploraçãotraduzindo…
CVE-2024-10011 was publicly disclosed on 2024-10-25. There are currently no known public exploits or active campaigns targeting this vulnerability. It is not listed on the CISA KEV catalog at the time of writing. The vulnerability’s Windows-specific nature may limit its immediate exploitability, but it remains a potential risk for affected systems.
Quem Está em Riscotraduzindo…
WordPress websites utilizing the BuddyPress plugin, particularly those running on Windows servers, are at risk. Shared hosting environments where users have Subscriber-level access or higher are also particularly vulnerable, as attackers can leverage this privilege to exploit the flaw. Legacy WordPress installations with outdated BuddyPress versions are also at increased risk.
Passos de Detecçãotraduzindo…
• wordpress / composer / npm:
grep -r 'id=../' /var/www/html/wp-content/plugins/buddypress/*• generic web:
curl -I 'http://your-wordpress-site.com/wp-content/plugins/buddypress/?id=../etc/passwd' # Check for file disclosureLinha do Tempo do Ataque
- Disclosure
disclosure
Inteligência de Ameaças
Status do Exploit
EPSS
1.31% (percentil 80%)
CISA SSVC
Vetor CVSS
O que significam essas métricas?
- Attack Vector
- Rede — explorável remotamente pela internet. Sem acesso físico ou local necessário.
- Attack Complexity
- Baixa — sem condições especiais. O atacante pode explorar de forma confiável.
- Privileges Required
- Baixo — qualquer conta de usuário válida é suficiente.
- User Interaction
- Nenhuma — ataque automático e silencioso. A vítima não faz nada.
- Scope
- Inalterado — impacto limitado ao componente vulnerável.
- Confidentiality
- Alto — perda total de confidencialidade. O atacante pode ler todos os dados.
- Integrity
- Alto — o atacante pode escrever, modificar ou excluir qualquer dado.
- Availability
- Nenhum — sem impacto na disponibilidade.
Software Afetado
Informações do pacote
- Instalações ativas
- 100KPopular
- Avaliação do plugin
- 4.1
- Requer WordPress
- 6.1+
- Compatível até
- 6.8.5
- Requer PHP
- 5.6+
Classificação de Fraqueza (CWE)
Linha do tempo
- Reservado
- Publicada
- EPSS atualizado
Mitigação e Soluções Alternativastraduzindo…
The primary mitigation for CVE-2024-10011 is to upgrade BuddyPress to a patched version. The vendor has not specified a fixed version, so monitor the official WordPress plugin repository for updates. As a temporary workaround, implement a Web Application Firewall (WAF) rule to block requests containing suspicious characters or patterns in the 'id' parameter. Additionally, restrict file upload permissions and carefully review any uploaded files for malicious content. After upgrading, confirm the fix by attempting to access files outside the intended directory using a crafted URL with the 'id' parameter.
Como corrigirtraduzindo…
Actualice el plugin BuddyPress a la última versión disponible. Esto solucionará la vulnerabilidad de recorrido de directorios. Si no puede actualizar, considere desactivar el plugin hasta que pueda realizar la actualización.
Boletim de Segurança CVE
Análise de vulnerabilidades e alertas críticos diretamente no seu e-mail.
Perguntas frequentestraduzindo…
What is CVE-2024-10011 — Directory Traversal in BuddyPress?
CVE-2024-10011 is a Directory Traversal vulnerability affecting BuddyPress versions up to 14.1.0. It allows authenticated attackers to access files outside the intended directory, potentially leading to data exposure or malicious file uploads.
Am I affected by CVE-2024-10011 in BuddyPress?
You are affected if you are using BuddyPress version 14.1.0 or earlier, and your WordPress installation is on a Windows server. Check your plugin version and upgrade immediately if vulnerable.
How do I fix CVE-2024-10011 in BuddyPress?
Upgrade BuddyPress to the latest available version. Monitor the WordPress plugin repository for updates. Implement WAF rules to block suspicious requests as a temporary workaround.
Is CVE-2024-10011 being actively exploited?
As of now, there are no confirmed reports of active exploitation, but it's crucial to apply the patch promptly to prevent potential attacks.
Where can I find the official BuddyPress advisory for CVE-2024-10011?
Refer to the official WordPress plugin repository and BuddyPress project website for updates and advisories related to CVE-2024-10011.
Seu projeto está afetado?
Envie seu arquivo de dependências e descubra na hora se esta e outras CVEs te atingem.