CVE-2024-9405

Relative Path Traversal (CWE-23)

Published: Oct 1, 2024 / Updated: 49d ago

CVSS 5.3 (Medium) / EPSS 0.04%

An incorrect limitation of a path to a restricted directory (path traversal) has been detected in Pluck CMS, affecting version 4.7.18. An unauthenticated attacker could extract sensitive information from the server via the absolute path of a file located in the same directory or subdirectory as the module, but not from recursive directories.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Timeline

First Article

Feedly found the first article mentioning CVE-2024-9405.

Oct 1, 2024 at 11:33 AM / CVE

CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Oct 1, 2024 at 11:34 AM

CVE Assignment

NVD published the first details for CVE-2024-9405

Oct 1, 2024 at 12:15 PM

CVSS

A CVSS base score of 5.3 has been assigned.

Oct 1, 2024 at 12:20 PM / nvd

EPSS

EPSS Score was set to: 0.04% (Percentile: 9.6%)

Oct 2, 2024 at 10:19 AM

Threat Intelligence Report

CVE-2024-9405 is a critical local file inclusion vulnerability in Pluck CMS v.4.7.18 that allows unauthenticated users to read arbitrary files via the endpoint /data/modules/albums/albums_getimage.php?image=[filename], as detailed in a blog post by m3n0sd0n4ld. At the time of the Mist machine's release, no public proof-of-concept exploits were available, and the issue was noted on Pluck's GitHub as Inclusion of files without authentication (#122). There are no specific mitigations, detections, or patches mentioned in the provided information.

Oct 28, 2024 at 2:18 AM

Affected Systems

Pluck-cms/pluck

Attack Patterns

CAPEC-139: Relative Path Traversal

References

HackTheBox Mist [CVE-2024-9405 + PetitPotam Attack + shadow credential + s4u impersonat + reading GMSA password + abusing AddKeyCredentialLink + exploiting ADCS ESC 13 twice]
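This post covers the domain penetration part of the Insane-difficulty HTB Mist machine, where the domain privilege-escalation details such as CVE-2024-9405 + PetitPotam Attack + shadow credential + s4u impersonat + reading GMSA password + abusing AddKeyCredentialLink + exploiting ADCS ESC 13 twice are the distinguishing features of this box. It mainly follows 0xdf’s blog Mist walkthrough; I am recording this post to deepen my memory and understanding, and as a memo to consult for later in-depth study. [*] Using PKINIT with etype rc4_hmac and subject: CN=Brandon.Keywarp, CN=Users, DC=mist, DC=htb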

News

HTB: Mist
I’ll find LDAP signing is off, and use PetitPotam to coerce the server to authenticate to my, and relay that to the domain controller to get LDAP access as the machine account. In another user’s home directory I’ll find a KeePass database, along with an image showing a partial password.
CVE Alert: CVE-2024-9405 - https://www.redpacketsecurity.com/cve_alert_cve-2024-9405/ #OSINT #ThreatIntel #CyberSecurity #cve_2024_9405

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: None
Availability Impact: None
