CVE-2024-39915 is a critical Remote Code Execution (RCE) vulnerability affecting Thruk, a web interface for monitoring systems like Naemon, Nagios, Icinga, and Shinken. An authenticated attacker can exploit this flaw to execute arbitrary commands on the server. This vulnerability impacts Thruk versions 3.15 and earlier, and a fix is available in version 3.16.
Impact and attack scenarios
The impact of CVE-2024-39915 is severe due to the potential for complete system compromise. An attacker who can authenticate to the Thruk web interface can inject malicious commands through a URL parameter during PDF report generation. This allows them to execute arbitrary code with the privileges of the Thruk process, potentially gaining full control over the monitoring server. This could lead to data breaches, system disruption, and lateral movement within the network, as the monitoring server often has access to sensitive network information and credentials. The ability to execute arbitrary commands is akin to a shell takeover, granting the attacker a high degree of control.
Exploitation context
CVE-2024-39915 was publicly disclosed on 2024-07-15. While no active exploitation campaigns have been publicly confirmed, the vulnerability's critical severity and ease of exploitation make it a high-priority target. It is listed on the CISA KEV catalog, indicating a significant risk to federal executive branch agencies. Public proof-of-concept exploits are likely to emerge, increasing the risk of widespread exploitation.
Who is at risk
Organizations heavily reliant on Thruk for network monitoring are at significant risk. This includes those with legacy Thruk deployments, shared hosting environments where Thruk is installed, and those using custom reporting configurations that may not be adequately secured. Any environment where the Thruk web interface is accessible to unauthorized users is also vulnerable.
Detection steps
- linux / server:
  journalctl -u thruk -f | grep -i "command injection"
- linux / server:
  ps aux | grep -i "/script/html2pdf.sh" && ps -ef | grep -i "/script/html2pdf.sh"
- generic web:
  curl -I "<thruk_url>/script/html2pdf.sh?param=;id;" | grep -i "HTTP/1.1 403"
Attack timeline
- Disclosure
Threat intelligence
Exploitation status
EPSS
0.21% (43rd percentile)
CISA SSVC
CVSS vector
What do these metrics mean?
- Attack Vector
- Network: exploitable remotely over the internet, with no physical or local access required. The largest possible attack surface.
- Attack Complexity
- Low: no special conditions are required, and the vulnerability can be exploited reliably.
- Privileges Required
- Low: any valid user account is sufficient.
- User Interaction
- None: the attack is automatic and silent; the victim does not need to do anything.
- Scope
- Changed: the attack can reach beyond the vulnerable component and affect other systems.
- Confidentiality
- High: total loss of confidentiality; the attacker can read all data.
- Integrity
- High: the attacker can write, modify, or delete any data.
- Availability
- High: a complete crash or resource exhaustion, a full denial of service.
Affected software
Weakness classification (CWE)
Timeline
- Reserved
- Published
- Modified
- EPSS updated
Mitigations and workarounds
The primary mitigation for CVE-2024-39915 is to immediately upgrade Thruk to version 3.16 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds. Restrict access to the reporting functionality to only authorized users and closely monitor the URL parameters used in report generation. Web Application Firewalls (WAFs) can be configured to detect and block suspicious URL patterns that attempt to inject commands. Review Thruk's configuration and ensure that the Livestatus API is properly secured. After upgrading, verify the fix by attempting to generate a PDF report with a malicious URL parameter; the command injection should be prevented.
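The detection steps and the WAF rule above both come down to spotting report-generation requests whose URL parameters carry shell metacharacters. The following Python is an added example (not from this advisory or the Thruk project) that applies that check to Apache combined-format access log lines; the watched path list, the log format and the sample lines are assumptions constructed for the example.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Apache combined-format access-log line (Thruk is normally served by Apache).
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>\S+) (?P<url>\S+) \S+" (?P<status>\d{3})')

# Shell metacharacters with no business inside a report URL parameter.
# '&' is left out: an encoded report URL legitimately carries it.
SHELL_META_RE = re.compile(r'[;|`\n]|\$\(|\$\{')

# Assumption: paths worth watching. /script/html2pdf.sh is taken from the
# detection steps above; treat the list as site-specific configuration.
WATCHED_PATHS = ("/script/html2pdf.sh",)

def suspicious_params(url, watched=WATCHED_PATHS):
    """Return (param, decoded_value) pairs carrying shell metacharacters."""
    parts = urlsplit(url)
    if not any(parts.path.startswith(p) for p in watched):
        return []
    hits = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        # Decode once more so a double-encoded ';' (%253B) is not missed.
        decoded = unquote(value)
        if SHELL_META_RE.search(decoded):
            hits.append((name, decoded))
    return hits

def scan_log(lines):
    """Return one alert per request whose watched-path query looks injected."""
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        hits = suspicious_params(m.group("url"))
        if hits:
            alerts.append({"ip": m.group("ip"), "user": m.group("user"),
                           "status": int(m.group("status")), "params": hits})
    return alerts

# Constructed sample lines; the payloads are placeholders, not a real exploit.
SAMPLE_LOG = [
    '10.0.0.5 - thrukadmin [15/Jul/2024:10:01:02 +0000] "GET /script/html2pdf.sh?url=https%3A%2F%2Fmon.example%2Freport HTTP/1.1" 200 5120',
    '10.0.0.9 - thrukadmin [15/Jul/2024:10:02:17 +0000] "GET /script/html2pdf.sh?url=x%3Bid HTTP/1.1" 200 88',
    '10.0.0.9 - thrukadmin [15/Jul/2024:10:02:30 +0000] "GET /script/html2pdf.sh?url=x%253Bid HTTP/1.1" 403 12',
    '10.0.0.7 - - [15/Jul/2024:10:03:00 +0000] "GET /thruk/cgi-bin/status.cgi?host=a%3Bb HTTP/1.1" 200 300',
]
```

Running scan_log(SAMPLE_LOG) returns two alerts, both for the 10.0.0.9 requests; the last sample line contains a ';' too but is ignored because its path is not on the watched list, and a 403 from a WAF is still worth alerting on as an attempt.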
Remediation
Upgrade Thruk to version 3.16 or later. This version fixes the remote code execution vulnerability. There are no known workarounds, so upgrading is the only solution.
Frequently asked questions
What is CVE-2024-39915 — RCE in Thruk?
CVE-2024-39915 is a critical Remote Code Execution vulnerability in Thruk, a monitoring web interface, allowing authenticated attackers to execute commands via a URL parameter.
Am I affected by CVE-2024-39915 in Thruk?
You are affected if you are using Thruk versions 3.15 or earlier. Upgrade to version 3.16 or later to mitigate the vulnerability.
How do I fix CVE-2024-39915 in Thruk?
The recommended fix is to upgrade Thruk to version 3.16 or later. If immediate upgrade is not possible, implement temporary workarounds like restricting access and using a WAF.
Is CVE-2024-39915 being actively exploited?
While no active exploitation campaigns have been publicly confirmed, the vulnerability's severity and ease of exploitation make it a high-priority target and likely to be exploited.
Where can I find the official Thruk advisory for CVE-2024-39915?
Refer to the official Thruk security advisory for detailed information and updates: [https://www.thruk.org/security/advisories/CVE-2024-39915](https://www.thruk.org/security/advisories/CVE-2024-39915)