What is CVE-2024-23822?

CVE-2024-23822 is a medium-severity vulnerability in Sni Thruk, classified under Path Traversal. CVSS score: 5.4/10. Published 2024-01-29.

How severe is CVE-2024-23822?

Medium severity. CVSS v3 base score is 5.4 out of 10.

Path Traversal in Sni Thruk

CVE-2024-23822

Thruk is a multibackend monitoring webinterface. Prior to 3.12, the Thruk web monitoring application presents a vulnerability in a file upload form that allows a threat actor to arbitrarily upload files to the server to any path they desi…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.014 (69.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.4 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L.

Affected products

Sni Thruk — versions < 3.12

Weakness classification (CWE)

CWE-22 — Path Traversal

References

https://github.com/sni/Thruk/security/advisories/GHSA-4mrh-mx7x-rqjx (x_refsource_CONFIRM)
https://github.com/sni/Thruk/commit/1aa9597cdf2722a69651124f68cbb449be12cc39 (x_refsource_MISC)

Frequently asked questions

What is CVE-2024-23822?: CVE-2024-23822 is a medium-severity vulnerability in Sni Thruk, classified under Path Traversal. CVSS score: 5.4/10. Published 2024-01-29.
How severe is CVE-2024-23822?: Medium severity. CVSS v3 base score is 5.4 out of 10.