CVE-2024-56509

Published Dec 27, 2024

Last updated 2 months ago

CVSS high 8.6

Overview

Description
changedetection.io is a free open source web page change detection, website watcher, restock monitor and notification service. Improper input validation in the application can allow attackers to perform local file read (LFR) or path traversal attacks. These vulnerabilities occur when user input is used to construct file paths without adequate sanitization or validation. For example, using file:../../../etc/passwd or file: ///etc/passwd can bypass weak validations and allow unauthorized access to sensitive files. Even though this has been addressed in previous patch, it is still insufficient. This vulnerability is fixed in 0.48.05.
Source
security-advisories@github.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
8.6
Impact score
4
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Severity
HIGH

Weaknesses

security-advisories@github.com
CWE-22

Social media

Hype score
Not currently trending

  1. CVE-2024-56509 (CVSS:8.6, HIGH) is Awaiting Analysis. https://t.co/riYerrsBXN is a free open source web page change detection, website watcher, restock monitor and notification se..https://t.co/QoncXbjmzt #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

    @cracbot

    1 Jan 2025

    27 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2024-56509 https://t.co/gltQ9nv5GC is a free open source web page change detection, website watcher, restock monitor and notification service. Improper input validation in the applic… https://t.co/FZZjLu4zBy

    @CVEnew

    28 Dec 2024

    195 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CVE-2024-56509 Improper Input Validation Enables LFR in https://t.co/xfsVCImZVI Pre-0.48.05 https://t.co/xfsVCImZVI is a free tool for detecting changes on web pages and getting notifications. There is a problem with check... https://t.co/863x2BpbYy

    @VulmonFeeds

    28 Dec 2024

    39 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. [CVE-2024-56509: HIGH] Mitigate local file read and path traversal attacks by ensuring input validation is properly implemented in https://t.co/RYRSVkTYeL 0.48.05. Stay safe online with improved cyber security measures.#cybersecurity,#vulnerability https://t.co/U00yCOLrYe https:/

    @CveFindCom

    27 Dec 2024

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References