CVE-2024-25125
Published 2024-02-14
Priority P3 · 40 · medium · 5.3 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS: 29.65% (98.0th percentile)
Digdag is an open source tool to build, run, schedule, and monitor complex pipelines of tasks across various platforms. Treasure Data's digdag workload automation system is susceptible to a path traversal vulnerability if it's configured to store log files locally. This issue may lead to information disclosure and has been addressed in release version 0.10.5.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| treasure-data | digdag | < 0.10.5.1 | 0.10.5.1 |
| treasuredata | digdag | < 0.10.5.1 | 0.10.5.1 |
OSV
Absolute path traversal vulnerability in digdag server
osv·2024-02-14
CVE-2024-25125 [MEDIUM] Absolute path traversal vulnerability in digdag server
### Summary
Treasure Data's digdag workload automation system is susceptible to a path traversal vulnerability if it's configured to store log files locally.
### Impact
This issue may lead to Information Disclosure.
GHSA
Absolute path traversal vulnerability in digdag server
ghsa·2024-02-14
CVE-2024-25125 [MEDIUM] CWE-22 Absolute path traversal vulnerability in digdag server
### Summary
Treasure Data's digdag workload automation system is susceptible to a path traversal vulnerability if it's configured to store log files locally.
### Impact
This issue may lead to Information Disclosure.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/treasure-data/digdag/commit/eae89b0daf6c62f12309d8c7194454dfb18cc5c3
https://github.com/treasure-data/digdag/security/advisories/GHSA-5mp4-32rr-v3x5