Local System File Access Fix in Version 0.47.5
CVE-2024-51483

Currently unrated

Key Information:

Vendor

Dgtlmoon

Status
Changedetection.io
Vendor
CVE Published:
1 November 2024

What is CVE-2024-51483?

changedetection.io is free, open source web page change detection software. Prior to version 0.47.5, when a WebDriver is used to fetch files, source:file:///etc/passwd can be used to retrieve local system files, where the more traditional file:///etc/passwd gets blocked. Version 0.47.5 fixes the issue.

Affected Version(s)

changedetection.io < 0.47.5

References

https://github.com/dgtlmoon/changedetection.io/security/a...
x_refsource_CONFIRM
https://github.com/dgtlmoon/changedetection.io/blob/maste...
x_refsource_MISC
https://github.com/dgtlmoon/changedetection.io/blob/maste...
x_refsource_MISC

EPSS Score

39% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.