What is CVE-2024-51998?

CVE-2024-51998 is a high-severity vulnerability in Dgtlmoon Changedetection.io, classified under Path Traversal. CVSS score: 8.6/10. Published 2024-11-07.

How severe is CVE-2024-51998?

High severity. CVSS v3 base score is 8.6 out of 10.

Path Traversal in Dgtlmoon Changedetection.io

CVE-2024-51998

changedetection.io is a free open source web page change detection tool. The validation for the file URI scheme falls short, and results in an attacker being able to read any file on the system. This issue only affects instances with a web…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.001 (34.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.6 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N.

Affected products

Dgtlmoon Changedetection.io — versions < 0.47.06

Weakness classification (CWE)

CWE-22 — Path Traversal

References

https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-6jrf-rcjf-245r (x_refsource_CONFIRM)
https://github.com/dgtlmoon/changedetection.io/commit/49bc982c697169c98b79698889fb9d26f6b3317f (x_refsource_MISC)
https://github.com/dgtlmoon/changedetection.io/blob/e0abf0b50507a8a3d0c1d8522ab23519b3e4cdf4/changedetectionio/model/Watch.py#L11-L13 (x_refsource_MISC)

Frequently asked questions

What is CVE-2024-51998?: CVE-2024-51998 is a high-severity vulnerability in Dgtlmoon Changedetection.io, classified under Path Traversal. CVSS score: 8.6/10. Published 2024-11-07.
How severe is CVE-2024-51998?: High severity. CVSS v3 base score is 8.6 out of 10.