CVE-2024-50334

Authentication Bypass Using an Alternate Path or Channel (CWE-288)

Published: Oct 29, 2024 / Updated: 21d ago

CVSS 8.7 / EPSS 0.04% / High

Summary

Scoold, a Q&A and knowledge sharing platform for teams, contains a semicolon path injection vulnerability on the /api;/config endpoint. This vulnerability allows attackers to bypass authentication and gain unauthorized access to sensitive configuration data. Additionally, PUT requests on the same endpoint with the Content-Type: application/hocon header enable unauthenticated attackers to perform file reading via HOCON file inclusion, potentially retrieving sensitive information like configuration files from the server.
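A defender-side check for the path-injection pattern described above, written as an added example that is not part of this advisory or of Scoold: it normalizes request paths the way a servlet container does (matrix parameters after ";" stripped from each segment) and flags access-log lines where a naive prefix check on the raw path would pass but the normalized path lands under a protected route. The /api prefix, the prefix-check assumption and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Route prefixes the application guards with an auth check (assumption).
PROTECTED_PREFIXES = ("/api",)

# Combined/common log format: we only need the request method and path.
LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+"')


def normalize_path(raw_path):
    """Path the servlet container routes on: query string dropped,
    percent-decoded, ';param' matrix suffix stripped from every segment."""
    path = unquote(raw_path.split("?", 1)[0])
    return "/".join(seg.split(";", 1)[0] for seg in path.split("/"))


def _under(path, prefix):
    return path == prefix or path.startswith(prefix + "/")


def is_bypass_attempt(raw_path):
    """True when a prefix check on the raw path would let the request through
    while the container still routes it to a protected resource."""
    naive = unquote(raw_path.split("?", 1)[0])
    routed = normalize_path(raw_path)
    return any(_under(routed, p) and not _under(naive, p) for p in PROTECTED_PREFIXES)


def scan_log(lines):
    """Return (method, raw_path, routed_path) for each suspicious request."""
    hits = []
    for line in lines:
        m = LOG_RE.search(line)
        if m and is_bypass_attempt(m.group("path")):
            hits.append((m.group("method"), m.group("path"), normalize_path(m.group("path"))))
    return hits


# Constructed sample lines, not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [29/Oct/2024:15:15:00 +0000] "GET /api/config HTTP/1.1" 401 0',
    '203.0.113.5 - - [29/Oct/2024:15:15:02 +0000] "GET /api;/config HTTP/1.1" 200 812',
    '203.0.113.5 - - [29/Oct/2024:15:15:05 +0000] "PUT /api;/config HTTP/1.1" 200 14',
    '198.51.100.9 - - [29/Oct/2024:15:16:00 +0000] "GET /questions;jsessionid=abc HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print("possible auth bypass:", hit)
```

The same normalization is the fix on the application side: run the auth check on the routed path, not the raw request URI.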

Impact

Attackers can bypass authentication and read sensitive configuration data, which may include credentials or other confidential settings. The HOCON file inclusion reachable through PUT requests extends this to reading other files from the server, giving an unauthenticated attacker a foothold for gathering information about the system and planning further attacks. The CVSS v3.1 base score is 5.3 (MEDIUM), while the CVSS v4.0 base score is 8.7 (HIGH), indicating a significant potential for harm.

Exploitation

There is no evidence that a public proof-of-concept exists, and no evidence of exploitation at the moment.

Patch

A patch is available. The vulnerability has been fixed in Scoold version 1.64.0. Organizations using Scoold should prioritize updating to this version or later to address the vulnerability.

Mitigation

There are two main mitigation strategies:

1. Update Scoold to version 1.64.0 or later, which contains the fix for this vulnerability. This is the recommended action.
2. If immediate updating is not possible, a temporary workaround is available: disable the Scoold API by setting scoold.api_enabled = false in the configuration. This should only be considered a short-term solution, as it may impact functionality.

Update to the patched version as soon as possible, prioritizing systems that handle sensitive information or are exposed to untrusted networks.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Timeline

CVE Assignment

NVD published the first details for CVE-2024-50334

Oct 29, 2024 at 3:15 PM
CVSS

A CVSS base score of 8.7 has been assigned.

Oct 29, 2024 at 3:21 PM / nvd
First Article

Feedly found the first article mentioning CVE-2024-50334. See article

Oct 29, 2024 at 3:24 PM / National Vulnerability Database
CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Oct 29, 2024 at 3:24 PM
EPSS

EPSS Score was set to: 0.04% (Percentile: 9.9%)

Oct 30, 2024 at 10:18 AM
CVSS

A CVSS base score of 5.3 has been assigned.

Nov 8, 2024 at 7:55 PM / nvd
Threat Intelligence Report

The vulnerability CVE-2024-50334 has been reported, but specific details regarding its criticality, CVSS score, exploitation in the wild, proof-of-concept exploits, mitigations, detections, patches, or downstream impacts on third-party vendors are not provided in the available information. Further updates are anticipated in the coming weeks as more vulnerabilities are identified and shared. See article

Nov 19, 2024 at 2:21 PM

Affected Systems

Erudika/scoold

Patches

github.com

Links to Mitre Att&cks

T1083: File and Directory Discovery

Attack Patterns

CAPEC-127: Directory Indexing

News

Scoold API Injection Vulnerability
Erudika - MEDIUM - CVE-2024-50334 Scoold is a Q&A and a knowledge sharing platform for teams. A semicolon path injection vulnerability was found on the /api;/config endpoint. By appending a semicolon in the URL, attackers can bypass authentication and gain unauthorised access to sensitive configuration data. Furthermore, PUT requests on the /api;/config endpoint while setting the Content-Type: application/hocon header allow unauthenticated attackers to perform file reading via HOCON file inclusion. This allows attackers to retrieve sensitive information such as configuration files from the server, which can be leveraged for further exploitation. The vulnerability has been fixed in Scoold 1.64.0. A workaround would be to disable the Scoold API with scoold.api_enabled = false.
Risky Biz News: Unpatched zero-day in Palo Alto Networks is in the wild
Security firm Volexity, which discovered the attacks, says the zero-day ( Volexity calls it a zero-day, but looks more like a design weakness to us ) was exploited on systems that were previously infected with the DEEPDATA malware. Details of a zero day vulnerability in Palo Alto Networks software and a design flaw in a Fortinet product were published on Friday—every IT engineer's favorite day for emergency security procedures.
4 - CVE-2024-50334
Currently trending CVE - hypeScore: 7 - Scoold is a Q&A and a knowledge sharing platform for teams. A semicolon path injection vulnerability was found on the /api;/config endpoint. By appending a semicolon in the URL, attackers can bypass authentication and gain unauthorised access to sensitive configuration data. Furt
Update Thu Nov 7 14:29:30 UTC 2024
CVE-2024-50334
A semicolon path injection vulnerability was found on the /api;/config endpoint. This allows attackers to retrieve sensitive information such as configuration files from the server, which can be leveraged for further exploitation.

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: None
Availability Impact: None
