Input Validation Flaw in Change Detection Service Exposes Sensitive Data
CVE-2024-56509
What is CVE-2024-56509?
ChangeDetection.io, a popular open-source web page change detection and monitoring service, suffers from an input validation vulnerability that can be exploited to execute local file read (LFR) and path traversal attacks. This issue arises when the application inadequately sanitizes user input used to create file paths. Attackers can exploit this flaw by using specially crafted inputs like 'file:../../../etc/passwd' or 'file:///etc/passwd', which can circumvent weak validations and lead to unauthorized access to sensitive system files. Although fixes have been implemented in version 0.48.05, prior versions remain susceptible to exploitation, posing significant security risks.
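The validation gap described above, as an added Python example (not ChangeDetection.io's code or its actual patch): a prefix deny-list next to an allow-list on the parsed scheme, run over the two inputs quoted in the description. The function names, the `weak_is_blocked` check and the http/https-only policy are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the service only ever needs to fetch web pages.
ALLOWED_SCHEMES = {"http", "https"}

# Constructed sample input: the two strings quoted in the advisory plus one
# ordinary URL for comparison.
SAMPLES = [
    "file:../../../etc/passwd",
    "file:///etc/passwd",
    "https://example.com/page",
]


def weak_is_blocked(url: str) -> bool:
    """Hypothetical weak deny-list: recognises only the 'file://' spelling."""
    return url.startswith("file://")


def strict_is_allowed(url: str) -> bool:
    """Allow-list on the parsed scheme; every spelling of 'file:' is refused."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return False  # malformed input is rejected, never passed through
    # urlsplit lower-cases the scheme; also require a real network host.
    return parts.scheme in ALLOWED_SCHEMES and bool(parts.hostname)


def review(urls):
    """Return (url, passes_weak_check, passes_strict_check) for each input."""
    return [(u, not weak_is_blocked(u), strict_is_allowed(u)) for u in urls]


if __name__ == "__main__":
    for url, weak_ok, strict_ok in review(SAMPLES):
        print(f"{url!r:32} weak={'pass' if weak_ok else 'block'} "
              f"strict={'pass' if strict_ok else 'block'}")
```

Deciding on the parsed scheme rather than on a string prefix means the relative `file:` form and the absolute `file:///` form are handled identically.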

Affected Version(s)
changedetection.io < 0.48.05
