CVE-2024-23770
published 2024-01-22CVE-2024-23770: darkhttpd through 1.15 allows local users to discover credentials (for --auth) by listing processes and their arguments.
PriorityP424medium5.5CVSS 3.1
AVLACLPRLUINSUCHINAN
EPSS
0.24%
14.7th percentile
darkhttpd through 1.15 allows local users to discover credentials (for --auth) by listing processes and their arguments.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| unix4lyfe | darkhttpd | <= 1.15 | — |
| unix4lyfe | darkhttpd | >= 0 < 1.15-r0 | 1.15-r0 |
| unix4lyfe | darkhttpd | >= 0 < 1.15-r0 | 1.15-r0 |
| unix4lyfe | darkhttpd | >= 0 < 1.15-r0 | 1.15-r0 |
| unix4lyfe | darkhttpd | >= 0 < 1.15-r0 | 1.15-r0 |
CVSS provenance
nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
osv5.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
CVE-2024-23770: darkhttpd through 1
osv·2024-01-22·CVSS 5.5
CVE-2024-23770 [MEDIUM] CVE-2024-23770: darkhttpd through 1
darkhttpd through 1.15 allows local users to discover credentials (for --auth) by listing processes and their arguments.
GHSA
GHSA-47fw-qp5q-cc27: darkhttpd through 1
ghsa_unreviewed·2024-01-22
CVE-2024-23770 [MEDIUM] GHSA-47fw-qp5q-cc27: darkhttpd through 1
darkhttpd through 1.15 allows local users to discover credentials (for --auth) by listing processes and their arguments.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.openwall.com/lists/oss-security/2024/01/25/1https://github.com/emikulic/darkhttpd/commit/2b339828b2a42a5fda105ea84934957a7d23e35dhttps://github.com/emikulic/darkhttpd/compare/v1.14...v1.15http://www.openwall.com/lists/oss-security/2024/01/25/1https://github.com/emikulic/darkhttpd/commit/2b339828b2a42a5fda105ea84934957a7d23e35dhttps://github.com/emikulic/darkhttpd/compare/v1.14...v1.15
2024-01-22
Published