Unauthenticated Directory Traversal Vulnerability in Bazarr v1.4.3
CVE-2024-40348
Key Information
- Vendor: Bazarr
- CVE Published: 20 July 2024
Summary
The Bazarr v1.4.3 vulnerability, CVE-2024-40348, allows unauthenticated attackers to perform directory traversal through the /api/swaggerui/static component. It presents a high risk to affected systems because it compromises the integrity and confidentiality of files on the host. A Proof of Concept (PoC) has been developed that demonstrates the vulnerability is exploitable, and exploitation has been observed in the wild, so the threat is immediate. As of now, there are no known countermeasures or security patches available; organizations are advised to monitor system logs for traversal attempts against this endpoint, implement stringent access controls, and conduct regular vulnerability assessments. Given the severity of the vulnerability, organizations are encouraged to follow the latest security advisories and apply patches promptly once they are released.
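The advisory recommends monitoring logs for this endpoint. The following is an added detection example, not code from the page, from Bazarr, or from any published PoC. It assumes the web server or reverse proxy in front of Bazarr writes Common Log Format access logs (the log lines below are constructed for illustration) and flags requests to /api/swaggerui/static whose URL-decoded path contains a dot-dot segment or normalizes to a location outside the static directory, including single- and double-URL-encoded forms that a naive substring check would miss.

```python
import posixpath
import re
from urllib.parse import unquote

# Constructed sample access-log lines (Common Log Format); not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [21/Jul/2024:10:01:02 +0000] "GET /api/swaggerui/static/swagger-ui.css HTTP/1.1" 200 1432
10.0.0.7 - - [21/Jul/2024:10:01:09 +0000] "GET /api/swaggerui/static/../../../../etc/passwd HTTP/1.1" 200 2510
10.0.0.7 - - [21/Jul/2024:10:01:15 +0000] "GET /api/swaggerui/static/..%2f..%2f..%2fetc%2fhostname HTTP/1.1" 200 12
10.0.0.9 - - [21/Jul/2024:10:02:00 +0000] "GET /api/swaggerui/static/%252e%252e/%252e%252e/etc/shadow HTTP/1.1" 404 0
10.0.0.11 - - [21/Jul/2024:10:03:00 +0000] "GET /api/episodes HTTP/1.1" 401 0
"""

# Minimal Common Log Format parser: client IP, timestamp, request line, status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

# The endpoint named in the advisory (assumed to be served under this exact prefix).
STATIC_PREFIX = "/api/swaggerui/static/"


def fully_decode(value: str, rounds: int = 3) -> str:
    """URL-decode repeatedly so double-encoded sequences (%252e -> %2e -> .) collapse."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_traversal(target: str) -> bool:
    """True if a request target under STATIC_PREFIX tries to escape the static directory."""
    path = target.split("?", 1)[0]
    decoded = fully_decode(path).replace("\\", "/")
    if not decoded.startswith(STATIC_PREFIX):
        return False  # out of scope for this rule; other endpoints are not covered
    relative = decoded[len(STATIC_PREFIX):]
    if ".." in relative.split("/"):
        return True  # any dot-dot segment is suspicious, even if it stays inside
    normalized = posixpath.normpath(decoded)
    return not normalized.startswith(STATIC_PREFIX)


def find_traversal_attempts(log_text: str) -> list[dict]:
    """Return one record per log line that looks like a traversal attempt on the endpoint."""
    hits = []
    for line in log_text.splitlines():
        match = LOG_RE.match(line)
        if not match:
            continue  # skip lines that are not in Common Log Format
        if is_traversal(match["target"]):
            hits.append({
                "ip": match["ip"],
                "timestamp": match["ts"],
                "target": match["target"],
                "status": int(match["status"]),
            })
    return hits


def successful_reads(hits: list[dict]) -> list[dict]:
    """Attempts answered with 200 most likely returned file contents and deserve priority."""
    return [h for h in hits if h["status"] == 200]


if __name__ == "__main__":
    attempts = find_traversal_attempts(SAMPLE_LOG)
    for h in attempts:
        print(f'{h["ip"]} {h["status"]} {h["target"]}')
    print(f"{len(successful_reads(attempts))} of {len(attempts)} attempts returned 200")
```

Run it against a real access log by replacing SAMPLE_LOG with the file contents; a 200 response to a flagged request is the signal to treat the host as compromised and review which files were readable, while 404s still indicate active probing worth blocking at the proxy.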
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which can lead to ransomware.
News Articles
Ethical Hacking - CVE-2024-40348: Bazarr Directory Traversal Vulnerability
CVE-2024-40348 is a critical security vulnerability affecting Bazarr v1.4.3. This flaw, identified as a directory traversal, enables unauthenticated remote attackers to execute arbitrary file read operations within the system's filesystem.
5 months ago
Bazarr < 1.4.3 - Arbitrary File Read (CVE-2024-40348)
Bazarr 1.4.3 and earlier versions have an arbitrary file read vulnerability.
5 months ago
Critical Bazaar Vulnerability CVE-2024-40348: Directory Traversal Flaw Threatens System Integrity - The Cyber Express
The Bazaar v1.4.3 vulnerability allows attackers to perform directory traversal via the /api/swaggerui/static component without authentication.
5 months ago
Timeline
- Public PoC available
- Exploit known to exist
- First article discovered by darkwebinformer.com
- Vulnerability published
- Vulnerability reserved