Unauthenticated Directory Traversal Vulnerability in Bazarr v1.4.3
CVE-2024-40348
What is CVE-2024-40348?
CVE-2024-40348 in Bazarr v1.4.3 allows unauthenticated attackers to perform directory traversal through the /api/swaggerui/static component. The vulnerability poses a high risk to affected systems, compromising their integrity and confidentiality. A Proof of Concept (PoC) demonstrating exploitability has been developed, and exploitation has been observed in the wild, so the threat is immediate. As of now, no countermeasures or security patches are known to be available; organizations are advised to monitor system logs, implement stringent access controls, and conduct regular vulnerability assessments. Given the severity, organizations should stay updated with the latest security advisories and apply patches promptly upon release.
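Since the advisory recommends monitoring system logs, the following added example (not code from the page or the Bazarr project) scans constructed Common Log Format lines for traversal attempts against the /api/swaggerui/static path, normalizing single and double percent-encoding before checking for `..` segments. The log lines and IP addresses are constructed samples, not real traffic.

```python
import re
from urllib.parse import unquote

# Endpoint named in the advisory for CVE-2024-40348.
AFFECTED_PREFIX = "/api/swaggerui/static"

# Constructed sample access-log lines (Common Log Format); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jul/2024:12:00:01 +0000] "GET /api/swaggerui/static/swagger-ui.css HTTP/1.1" 200 1024
203.0.113.7 - - [10/Jul/2024:12:00:02 +0000] "GET /api/swaggerui/static/../../../../etc/hosts HTTP/1.1" 200 2048
203.0.113.8 - - [10/Jul/2024:12:00:03 +0000] "GET /api/swaggerui/static/%2e%2e%2f%2e%2e%2fconfig.ini HTTP/1.1" 200 512
203.0.113.9 - - [10/Jul/2024:12:00:04 +0000] "GET /api/swaggerui/static/%252e%252e%252fsecret HTTP/1.1" 404 0
203.0.113.10 - - [10/Jul/2024:12:00:05 +0000] "GET /api/system/status HTTP/1.1" 200 128
"""

# client ip, timestamp, method, request path, status code
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})\b')


def normalize_path(raw):
    """Percent-decode repeatedly (catches double encoding) and unify separators."""
    path = raw
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")


def is_traversal(path):
    """True if any segment of the (normalized) path is '..'."""
    return any(segment == ".." for segment in path.split("/"))


def find_traversal_attempts(log_text):
    """Return one record per request that targets the affected prefix with a '..' segment."""
    hits = []
    for line in log_text.splitlines():
        match = LOG_RE.match(line)
        if not match:
            continue  # skip lines that are not in the expected format
        ip, timestamp, method, raw_path, status = match.groups()
        path = normalize_path(raw_path.split("?", 1)[0])  # drop the query string
        if path.startswith(AFFECTED_PREFIX) and is_traversal(path):
            hits.append({"ip": ip, "time": timestamp, "path": path, "status": int(status)})
    return hits


if __name__ == "__main__":
    for hit in find_traversal_attempts(SAMPLE_LOG):
        print(hit)
```

A hit with a 200 status deserves the most attention, since it indicates the server likely served the requested file rather than rejecting the path.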

Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.
News Articles
Ethical Hacking - CVE-2024-40348: Bazarr Directory Traversal Vulnerability
CVE-2024-40348 is a critical security vulnerability affecting Bazarr v1.4.3. This flaw, identified as a directory traversal, enables unauthenticated remote attackers to execute arbitrary file read operations within the system's filesystem.
Bazarr < 1.4.3 - Arbitrary File Read (CVE-2024-40348)
Bazarr 1.4.3 and earlier versions have an arbitrary file read vulnerability.
Critical Bazaar Vulnerability CVE-2024-40348: Directory Traversal Flaw Threatens System Integrity - The Cyber Express
The Bazaar v1.4.3 vulnerability allows attackers to perform directory traversal via the /api/swaggerui/static component without authentication.
EPSS Score
92% chance of being exploited in the next 30 days.
Timeline
- Public PoC available
- Exploit known to exist
- First article discovered by darkwebinformer.com
- Vulnerability published
- Vulnerability Reserved
