Exploit
CVE-2024-49381

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (CWE-74)

Published: Oct 25, 2024 / Updated: 25d ago

CVSS 7.7 / EPSS 0.05% / High

Summary

Plenti, a static site generator, has an arbitrary file deletion vulnerability in versions prior to 0.7.2. The `/postLocal` endpoint is vulnerable to arbitrary file deletion when a Plenti user serves their website. This issue may lead to information loss.

Impact

This vulnerability allows attackers to delete arbitrary files on the system where Plenti is serving a website. The primary impact is potential information loss, which could be severe depending on the importance of the deleted files. The vulnerability has a high severity (CVSS base score of 7.7), indicating it poses a significant risk. The attack vector is network-based, requires low complexity, and doesn't need user interaction or privileges, making it relatively easy to exploit.

Exploitation

One proof-of-concept exploit is available on github.com. There is no evidence of exploitation at the moment.

Patch

A patch is available. Version 0.7.2 of Plenti fixes the vulnerability.

Mitigation

1. Upgrade Plenti to version 0.7.2 or later immediately.
2. If immediate upgrade is not possible, consider temporarily disabling the `/postLocal` endpoint or restricting access to it.
3. Implement strong access controls and authentication mechanisms for all endpoints.
4. Regularly back up important files to minimize the impact of potential file deletion.
5. Monitor system logs for any suspicious activities related to file deletions or unauthorized access to the `/postLocal` endpoint.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Timeline

First Article

Feedly found the first article mentioning CVE-2024-49381.

Oct 25, 2024 at 1:16 PM / GitHub Security Lab
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Oct 25, 2024 at 1:17 PM
CVE Assignment

NVD published the first details for CVE-2024-49381

Oct 25, 2024 at 2:15 PM
CVSS

A CVSS base score of 7.7 has been assigned.

Oct 25, 2024 at 2:21 PM / nvd
EPSS

EPSS Score was set to: 0.05% (Percentile: 16.6%)

Oct 26, 2024 at 10:50 AM
Vendor Advisory

GitHub Advisories released a security advisory.

Oct 31, 2024 at 9:49 PM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Qualys (757378)

Nov 5, 2024 at 7:53 AM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Nessus (210390)

Nov 6, 2024 at 12:15 PM
CVSS

A CVSS base score of 7.5 has been assigned.

Nov 14, 2024 at 11:05 PM / nvd

Affected Systems

Plenti/plenti

Exploits

https://securitylab.github.com/advisories/GHSL-2024-297_GHSL-2024-298_plenti/

Patches

GitHub Advisory

Links to MITRE ATT&CK

T1562.003: Impair Command History Logging

Attack Patterns

CAPEC-10: Buffer Overflow via Environment Variables

Vendor Advisory

[GHSA-6h8w-hrfp-pffx] Plenti arbitrary file deletion vulnerability
Plenti, a static site generator, has an arbitrary file deletion vulnerability in versions prior to 0.7.2. Package: github.com/plentico/plenti

News

CVE-2024-49381 Exploit
CVE Id : CVE-2024-49381 Published Date: 2024-11-14T23:04:00+00:00 Plenti, a static site generator, has an arbitrary file deletion vulnerability in versions prior to 0.7.2. The `/postLocal` endpoint is vulnerable to an arbitrary file write deletion when a plenti user serves their website. This issue may lead to information loss. Version 0.7.2 fixes the vulnerability. inTheWild added a link to an exploit: https://securitylab.github.com/advisories/GHSL-2024-297_GHSL-2024-298_plenti/
SUSE SLES15 / openSUSE 15 Security Update : govulncheck-vulndb (SUSE-SU-2024:3911-1)
The remote SUSE host is missing one or more security updates. The remote SUSE Linux SLES15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3911-1 advisory.
suse_linux SUSE-SU-2024:3911-1: SUSE SLES15 / openSUSE 15 : Security update for govulncheck-vulndb (Important) (SUSE-SU-2024:3911-1)
Testing Last Updated: 11/6/2024 CVEs: CVE-2024-49757 , CVE-2024-47182 , CVE-2024-8037 , CVE-2024-47827 , CVE-2024-8996 , CVE-2024-9264 , CVE-2024-47003 , CVE-2024-33662 , CVE-2024-47067 , CVE-2024-9180 , CVE-2024-49753 , CVE-2024-8038 , CVE-2024-9407 , CVE-2024-48921 , CVE-2024-47877 , CVE-2024-10214 , CVE-2023-32197 , CVE-2024-47832 , CVE-2024-8901 , CVE-2024-39223 , CVE-2024-9355 , CVE-2024-9313 , CVE-2024-8975 , CVE-2024-9341 , CVE-2024-36814 , CVE-2024-49381 , CVE-2024-22036 , CVE-2024-9486 , CVE-2024-47825 , CVE-2024-7558 , CVE-2023-22644 , CVE-2024-9594 , CVE-2024-47616 , CVE-2024-10241 , CVE-2024-49380 , CVE-2022-45157 , CVE-2024-38365 , CVE-2024-47534 , CVE-2024-48909 , CVE-2024-9312 , CVE-2024-7594 , CVE-2024-22030 , CVE-2024-9675 , CVE-2024-50312
Security: Multiple issues in govulncheck-vulndb (SUSE)
* SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5
SUSE: 2024:3911-1 important: govulncheck-vulndb Security Advisory Updates
* jsc#PED-11136 Cross-References: * CVE-2022-45157 * CVE-2023-22644

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: High
Availability Impact: None
