
CVE-2024-56331

Medium Severity

SVRS: 30/100
CVSSv3: NA/10
EPSS: 0.41678/1

CVE-2024-56331 in Uptime Kuma allows attackers to access sensitive local files on the server. This Improper URL Handling Vulnerability lets an attacker use the file:/// protocol via the "real-browser" request type to read local files. The SVRS score is 30, indicating a low risk that should still be addressed. An authenticated user can submit a crafted URL, leading to the exposure of sensitive data through screenshots. The flaw arises from the lack of proper validation of user-supplied URLs. Upgrade to version 1.23.16 to mitigate this risk. While the SVRS is not critical, the potential for data exposure makes this a significant security concern for Uptime Kuma users.

In The Wild: 2024-12-20

SOCRadar AI Insight

Description

CVE-2024-56331 is an Improper URL Handling Vulnerability affecting Uptime Kuma, an open-source monitoring tool. This vulnerability allows attackers to access sensitive local files on the server by exploiting the file:/// protocol. The vulnerability is triggered through the "real-browser" request type, which takes a screenshot of the URL provided by the attacker. By supplying local file paths, such as file:///etc/passwd, attackers can read sensitive data from the server.

The SVRS score for this vulnerability is 30, indicating that while the vulnerability is exploitable, its impact might not be as severe as that of a vulnerability with a higher score. However, it is important to remember that the presence of active exploits in the wild indicates a potential for serious consequences.

Key Insights

  • Active Exploitation: The vulnerability has been identified as "In The Wild," meaning hackers are actively exploiting it.
  • Impact: The vulnerability allows attackers to access sensitive local files, potentially exposing critical information like system configurations, user credentials, and other sensitive data.
  • Wide Reach: This vulnerability affects any authenticated user who can submit a URL in the "real-browser" mode, potentially impacting a wide range of users.
  • Severity: While the SVRS score is 30, the fact that active exploits are present increases the severity, making immediate action necessary.

Mitigation Strategies

  • Upgrade Uptime Kuma: The vulnerability is addressed in version 1.23.16. Immediately upgrade to this version or later to patch the vulnerability.
  • Input Validation: Implement robust input validation to prevent users from entering malicious URLs. Sanitize all user inputs, especially those related to URLs, before processing.
  • Restrict File Access: Implement restrictions on file access for the "real-browser" functionality. Ensure the system only allows access to authorized directories and files.
  • Network Segmentation: Isolate the Uptime Kuma server from other critical systems to limit the potential impact of a compromise.
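One way to implement the input-validation and file-access restrictions above, as an added Node.js example that is not Uptime Kuma's own code (validateMonitorUrl and requestDecision are hypothetical names): the same http/https scheme allowlist is applied once when a monitor URL is submitted and again to every request the headless browser makes, so a file:/// URL is refused before any screenshot is taken.

```javascript
// Added example, not Uptime Kuma's own code. A scheme allowlist applied to
// URLs submitted for a "real-browser" monitor, before the headless browser
// is ever pointed at them. validateMonitorUrl() is a hypothetical name.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

function validateMonitorUrl(input) {
  let parsed;
  try {
    // WHATWG parsing lowercases the scheme, so "FILE:///etc/passwd" and
    // "file:///etc/passwd" both yield protocol "file:" and are caught alike.
    parsed = new URL(String(input).trim());
  } catch (err) {
    return { ok: false, reason: "unparseable URL" };
  }
  if (!ALLOWED_SCHEMES.has(parsed.protocol)) {
    return { ok: false, reason: `scheme "${parsed.protocol}" is not allowed` };
  }
  if (parsed.hostname === "") {
    return { ok: false, reason: "URL has no host" };
  }
  // Return the normalised form so the caller stores exactly what was checked.
  return { ok: true, url: parsed.href };
}

// Second layer for the browser itself: decide per request (navigation,
// redirect, iframe, embedded resource) whether it may proceed. Meant to be
// called from a request-interception callback; same allowlist, same decision.
function requestDecision(requestUrl) {
  return validateMonitorUrl(requestUrl).ok ? "continue" : "abort";
}

// Constructed sample inputs an authenticated user might submit.
const samples = [
  "https://status.example.com/health",
  "file:///etc/passwd",
  "FILE:///etc/passwd",
  "javascript:alert(1)",
];
for (const s of samples) {
  const r = validateMonitorUrl(s);
  console.log(s, "->", r.ok ? "allowed" : `rejected (${r.reason})`);
}
```

The per-request check matters because a validated http(s) page can still redirect or embed resources; rejecting those in the interception callback keeps the screenshot from ever rendering a local file.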

Additional Information

For more information or assistance in addressing this vulnerability, clients can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

CVE-2024-56331 | louislam uptime-kuma 1.23.7/1.23.9 URL path traversal (GHSA-2qgm-m29m-cj2h)
vuldb.com, 2024-12-20
CVE-2024-56331 | louislam uptime-kuma 1.23.7/1.23.9 URL path traversal (GHSA-2qgm-m29m-cj2h) | A vulnerability classified as critical was found in louislam uptime-kuma 1.23.7/1.23.9. This vulnerability affects unknown code of the component URL Handler. The manipulation leads to path traversal. This vulnerability was named CVE-2024-56331. The attack can be initiated remotely. There is no exploit available. It is

Social Media

No tweets found for this CVE

Affected Software

No affected software found for this CVE

References

Reference | Link
[email protected] | https://github.com/louislam/uptime-kuma/commit/6cfae01a0d3727c517afe512fc8fec1d99acf875
[email protected] | https://github.com/louislam/uptime-kuma/security/advisories/GHSA-2qgm-m29m-cj2h
GITHUB | https://github.com/louislam/uptime-kuma/security/advisories/GHSA-2qgm-m29m-cj2h

CWE Details

CWE ID: CWE-22
CWE Name: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Description: The software uses external input to construct a pathname that is intended to identify a file or directory located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause it to resolve to a location outside of the restricted directory.
