CVE-2024-23822

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-23822

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-23822.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-23822

Aliases

GHSA-4mrh-mx7x-rqjx

Published

2024-01-29T15:46:30.188Z

Modified

2025-11-15T15:39:16.055198Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L CVSS Calculator

Summary

Thruk Incorrect limitation of a pathname to a restricted directory (Path Traversal) (CWE-22)

Details

Thruk is a multibackend monitoring webinterface. Prior to 3.12, the Thruk web monitoring application presents a vulnerability in a file upload form that allows a threat actor to arbitrarily upload files to the server to any path they desire and have permissions for. This vulnerability is known as Path Traversal or Directory Traversal. Version 3.12 fixes the issue.

Database specific

{
    "cwe_ids": [
        "CWE-22"
    ]
}

References

Affected packages

Git / github.com/sni/thruk

Affected ranges

Type: GIT
Repo: https://github.com/sni/thruk
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

3dbe6c29295c73d5c16a6e48d4a2690cdba36951

Affected versions

0.*

0.20

1.*

1.0.0

1.0.1

v0.*

v0.20

v0.21_1

v0.27_1

v0.27_2

v0.30

v0.32

v0.46

v0.48

v0.50

v0.52

v0.54

v0.56

v0.58

v0.60

v0.66

v0.70

v0.70.1

v0.72

v0.72.2

v0.74

v0.76

v0.76.1

v0.78

v0.78.1

v0.78.2

v0.80

v0.82

v0.82.1

v0.84

v0.86

v0.90

v0.92

v0.94

v0.94.1

v0.94.2

v0.94.3

v0.94.4

v1.*

v1.0.0

v1.0.1

v1.0.2

v1.0.3

v1.0.4

v1.0.5

v1.0.6

v1.0.7

v1.0.8

v1.0.9

v1.1.0

v1.1.1

v1.1.2

v1.1.3

v1.1.4

v1.1.5

v1.1.6

v1.1.7

v1.18

v1.20

v1.22

v1.24

v1.26

v1.28

v1.30

v1.32

v1.34

v1.36

v1.38

v1.40

v1.42

v1.44

v1.46

v1.48

v1.50

v1.52

v1.54

v1.56

v1.58

v1.60

v1.60-2

v1.62

v1.64

v1.64-2

v1.66

v1.66-2

v1.68

v1.70

v1.70-2

v1.70-3

v1.70-4

v1.72

v1.72-2

v1.74

v1.74-2

v1.76

v1.76-2

v1.76-3

v1.78

v1.78-2

v1.78-3

v1.80

v1.80-2

v1.80-3

v1.82

v1.82-2

v1.84

v1.84-2

v1.84-3

v1.84-4

v1.84-5

v1.84-6

v1.86

v1.86-2

v1.86-3

v1.86-4

v1.88

v1.88-2

v1.88-3

v1.88-4

v2.*

v2.00

v2.00-2

v2.02

v2.04

v2.06

v2.08

v2.10

v2.10-2

v2.12

v2.12-2

v2.12-3

v2.14

v2.14-2

v2.16

v2.16-2

v2.18

v2.20

v2.20-2

v2.22

v2.24

v2.24-2

v2.26

v2.26-2

v2.28

v2.30

v2.30-2

v2.32

v2.32-2

v2.34

v2.34-2

v2.34-3

v2.36

v2.38

v2.38-2

v2.40

v2.40-2

v2.42

v2.42-2

v2.44

v2.44-2

v2.44-3

v2.44.3

v2.46

v2.46.2

v2.46.3

v2.48

v2.48.2

v3.*

v3.00

v3.00-alpha

v3.02

v3.04

v3.06

v3.08

v3.08.2

v3.08.3

v3.10