CVE-2024-27292
published 2024-03-21

Priority: P1 · 82 · High · CVSS 3.1 base score 7.5
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N
Tags: ITW · Exploit · VulnCheck KEV
Exploited in the wild
EPSS: 69.49% (99.3rd percentile)
Docassemble is an expert system for guided interviews and document assembly. The vulnerability allows attackers to gain unauthorized access to information on the system through URL manipulation. It affects versions 1.4.53 to 1.4.96. The vulnerability has been patched in version 1.4.97 of the master branch.

Affected (2 ranges)

Vendor   Product       Version range          Fixed in
jhpyle   docassemble   (no range given)       -
jhpyle   docassemble   >= 1.4.53, < 1.4.97    1.4.97

Detection & IOCs (extracted from sources)

URL: /interview?i=/etc/passwd
  • Exploit targets the /interview endpoint with the query parameter `i` set to an absolute file path (e.g., /etc/passwd). Monitor GET requests to /interview where the `i` parameter contains path traversal or absolute path values.
  • Successful exploitation returns HTTP status 501 alongside file content. Correlate 501 responses from /interview with file-read indicators (e.g., passwd file patterns) to identify exploitation.
  • Use Shodan query `http.title:"docassemble"` or FOFA query `icon_hash="-575790689"` to identify exposed Docassemble instances for proactive asset discovery.
  • The vulnerability affects Docassemble versions 1.4.53 through 1.4.96 only. Version 1.4.97 and later are patched and not vulnerable.
  • The LFI is unauthenticated: no credentials or prior session are required to exploit the /interview endpoint via URL manipulation.
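The two detection bullets above (flag `/interview` requests whose `i` parameter is an absolute path or contains traversal, then correlate with HTTP 501) as a runnable log check. This is an added example written for this page, not Docassemble project code or a vendor detection rule; the access-log lines are constructed, the regex assumes common/combined log format, and treating a 501 as "likely success" simply follows the page's own sources.

```python
"""Flag CVE-2024-27292 probe patterns in web server access logs.

Added example for this page; not Docassemble code. Log lines are constructed.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Common/combined log format: client, identd, user, [timestamp], "request line", status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)


def suspicious_interview_param(target: str) -> bool:
    """True when the request path is /interview and any `i` value is an
    absolute filesystem path or contains a `..` traversal sequence."""
    parts = urlsplit(target)
    if not parts.path.rstrip("/").endswith("/interview"):
        return False
    # parse_qs already decodes one layer; unquote again to catch double-encoding.
    for raw in parse_qs(parts.query, keep_blank_values=True).get("i", []):
        value = unquote(raw)
        if value.startswith("/") or ".." in value:
            return True
    return False


def scan_log(lines):
    """Return (ip, target, status, likely_success) for each suspicious GET.
    likely_success is True when the server answered 501, the status the
    page's sources associate with a successful file read."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "GET":
            continue
        if suspicious_interview_param(m["target"]):
            hits.append((m["ip"], m["target"], int(m["status"]), m["status"] == "501"))
    return hits


# Constructed sample traffic: one legitimate interview load, two absolute-path
# probes, one traversal probe, one unrelated static asset.
SAMPLE_LOG = [
    '203.0.113.5 - - [21/Mar/2024:10:00:01 +0000] "GET /interview?i=docassemble.demo:data/questions/questions.yml HTTP/1.1" 200 5120',
    '203.0.113.9 - - [21/Mar/2024:10:00:02 +0000] "GET /interview?i=/etc/passwd HTTP/1.1" 501 1823',
    '203.0.113.9 - - [21/Mar/2024:10:00:03 +0000] "GET /interview?i=%2Fetc%2Fshadow HTTP/1.1" 501 0',
    '198.51.100.7 - - [21/Mar/2024:10:00:04 +0000] "GET /interview?i=..%2F..%2Fconfig.yml HTTP/1.1" 404 210',
    '198.51.100.8 - - [21/Mar/2024:10:00:05 +0000] "GET /static/app.css HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, target, status, likely in scan_log(SAMPLE_LOG):
        tag = "LIKELY-SUCCESS" if likely else "probe"
        print(f"{tag:15} {ip:15} {status} {target}")
```

Run it against a real log by replacing `SAMPLE_LOG` with the file's lines; the `likely_success` flag is only a correlation hint, so confirm each 501 hit against the response body or the application's own logs before treating it as a confirmed read.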

CVSS provenance

NVD (v3.1): 7.5 HIGH, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
VulnCheck: 7.5 HIGH