CVE-2024-51483 – changedetection.io

Package

Manager: pip
Name: changedetection.io
Vulnerable Version: >=0 <0.47.5

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.12064 pctl0.93547

Details

changedetection.io Path Traversal ### Summary When a WebDriver is used to fetch files source:file:///etc/passwd can be used to retrieve local system files, where the more traditional file:///etc/passwd gets blocked ### Details The root cause is the payload source:file:///etc/passwdpasses the regex [here](https://github.com/dgtlmoon/changedetection.io/blob/master/changedetectionio/model/Watch.py#L19) and also passes the check [here](https://github.com/dgtlmoon/changedetection.io/blob/master/changedetectionio/processors/__init__.py#L35) where a traditional file:///etc/passwd would get blocked ### PoC [CL-ChangeDetection.io Path Travsersal-311024-181039.pdf](https://github.com/user-attachments/files/17591630/CL-ChangeDetection.io.Path.Travsersal-311024-181039.pdf) ### Impact It depends on where the webdriver is deployed but generally this is a high impact vulnerability

Metadata

Created: 2024-11-01T21:39:13Z
Modified: 2024-11-01T21:39:13Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/11/GHSA-cwgg-57xj-g77r/GHSA-cwgg-57xj-g77r.json
CWE IDs: ["CWE-22"]
Alternative ID: GHSA-cwgg-57xj-g77r
Finding: F063
Auto approve: 1