What is CVE-2024-41799?

CVE-2024-41799 is a high-severity vulnerability in Tgstation Tgstation-server, classified under Path Traversal. CVSS score: 8.4/10. Published 2024-07-29.

How severe is CVE-2024-41799?

High severity. CVSS v3 base score is 8.4 out of 10.

Is CVE-2024-41799 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Path Traversal in Tgstation Tgstation-server

CVE-2024-41799

tgstation-server is a production scale tool for BYOND server management. Prior to 6.8.0, low permission users using the "Set .dme Path" privilege could potentially set malicious .dme files existing on the host machine to be compiled and ex…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.070 (91.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.4 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:H.

Affected products

Tgstation Tgstation-server — versions >= 4.0.0, < 6.8.0

Weakness classification (CWE)

CWE-22 — Path Traversal

Public proof-of-concept exploits

fkie-cad/nvd-json-data-feeds

References

https://github.com/tgstation/tgstation-server/security/advisories/GHSA-c3h4-9gc2-f7h4 (x_refsource_CONFIRM)
https://github.com/tgstation/tgstation-server/pull/1835 (x_refsource_MISC)
https://github.com/tgstation/tgstation-server/commit/374852fe5ae306415eb5aafb2d16b06897d7afe4 (x_refsource_MISC)

Frequently asked questions

What is CVE-2024-41799?: CVE-2024-41799 is a high-severity vulnerability in Tgstation Tgstation-server, classified under Path Traversal. CVSS score: 8.4/10. Published 2024-07-29.
How severe is CVE-2024-41799?: High severity. CVSS v3 base score is 8.4 out of 10.
Is CVE-2024-41799 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.