CVE-2024-45388

Exploit

EPSS 93.68%
Veröffentlicht 02.09.2024 18:15:38
Zuletzt bearbeitet 19.09.2024 15:18:32
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Hoverfly is a lightweight service virtualization/ API simulation / API mocking tool for developers and testers. The `/api/v2/simulation` POST handler allows users to create new simulation views from the contents of a user-specified file. This feature can be abused by an attacker to read arbitrary files from the Hoverfly server. Note that, although the code prevents absolute paths from being specified, an attacker can escape out of the `hf.Cfg.ResponsesBodyFilesPath` base path by using `../` segments and reach any arbitrary files. This issue was found using the Uncontrolled data used in path expression CodeQL query for python. Users are advised to make sure the final path (`filepath.Join(hf.Cfg.ResponsesBodyFilesPath, filePath)`) is contained within the expected base path (`filepath.Join(hf.Cfg.ResponsesBodyFilesPath, "/")`). This issue is also tracked as GHSL-2023-274.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Hoverfly ≫ Hoverfly Version < 1.10.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	93.68%	0.998

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
security-advisories@github.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

https://codeql.github.com/codeql-query-help/go/go-path-injection

Not Applicable

https://github.com/SpectoLabs/hoverfly/releases/tag/v1.10.3

Release Notes

https://github.com/SpectoLabs/hoverfly/security/advisories/GHSA-6xx4-x46f-f897

Vendor Advisory

Exploit

https://github.com/spectolabs/hoverfly/blob/15d6ee9ea4e0de67aec5a41c28d21dc147243da0/core/handlers/v2/simulation_handler.go#L87

Product

https://nvd.nist.gov/vuln/detail/CVE-2024-45388

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-45388

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-45388

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-45388