Plataforma
other
Componente
anka-build
Corrigido em
1.42.1
CVE-2024-41922 describes a directory traversal vulnerability affecting Veertu Anka Build versions 1.42.0. This flaw allows an attacker to potentially disclose sensitive information by manipulating the log file download functionality. The vulnerability is triggered by a specially crafted unauthenticated HTTP request. A patch, version 1.42.1, has been released to address this issue.
The directory traversal vulnerability in Veertu Anka Build allows an attacker to bypass intended access controls and retrieve arbitrary files from the server's file system. This could include configuration files, source code, or other sensitive data. Because the vulnerability is unauthenticated, an attacker does not need valid credentials to exploit it, significantly broadening the potential attack surface. Successful exploitation could lead to data breaches, compromise of system integrity, and potential lateral movement within the network if the exposed data contains credentials or other sensitive information.
CVE-2024-41922 was publicly disclosed on 2024-10-03. There are currently no known public proof-of-concept exploits available. The EPSS score is pending evaluation. This vulnerability is not currently listed on the CISA KEV catalog.
Organizations utilizing Veertu Anka Build version 1.42.0, particularly those with publicly accessible log file download endpoints, are at risk. Shared hosting environments where multiple users share the same Anka Build instance are also potentially vulnerable.
disclosure
Status do Exploit
EPSS
5.24% (percentil 90%)
Vetor CVSS
The primary mitigation for CVE-2024-41922 is to upgrade Veertu Anka Build to version 1.42.1 or later. If immediate upgrading is not possible, consider implementing temporary workarounds such as restricting access to the log file download endpoint using a web application firewall (WAF) or proxy server. Configure the WAF to block requests containing suspicious characters or patterns in the file path parameter. Regularly review access logs for any unusual activity related to the log file download functionality.
Actualice a una versión parcheada de Veertu Anka Build que solucione la vulnerabilidad de path traversal. Consulte el sitio web del proveedor para obtener la última versión y las instrucciones de actualización. Aplique las actualizaciones de seguridad tan pronto como estén disponibles.
Análise de vulnerabilidades e alertas críticos diretamente no seu e-mail.
CVE-2024-41922 is a directory traversal vulnerability in Veertu Anka Build versions 1.42.0, allowing attackers to potentially access sensitive files via HTTP requests.
If you are using Veertu Anka Build version 1.42.0, you are potentially affected by this vulnerability. Upgrade to 1.42.1 or later to mitigate the risk.
The recommended fix is to upgrade Veertu Anka Build to version 1.42.1 or a later version. As a temporary workaround, restrict access to the log file download endpoint using a WAF.
As of the current date, there are no confirmed reports of CVE-2024-41922 being actively exploited in the wild.
Please refer to the Veertu security advisory for CVE-2024-41922 on the Veertu website for detailed information and updates.
Envie seu arquivo de dependências e descubra na hora se esta e outras CVEs te atingem.