CVE-2024-27292
Published 2024-03-21
Priority: P182 · high · 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 69.49% (99.3th percentile)
Docassemble is an expert system for guided interviews and document assembly. The vulnerability allows attackers to gain unauthorized access to information on the system through URL manipulation. It affects versions 1.4.53 to 1.4.96. The vulnerability has been patched in version 1.4.97 of the master branch.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jhpyle | docassemble | — | — |
| jhpyle | docassemble | >= 1.4.53 < 1.4.97 | 1.4.97 |
Detection & IOCs
- Exploit targets the /interview endpoint with the query parameter `i` set to an absolute file path (e.g., /etc/passwd). Monitor GET requests to /interview where the `i` parameter contains path traversal or absolute path values.
- Successful exploitation returns HTTP status 501 alongside file content. Correlate 501 responses from /interview with file-read indicators (e.g., passwd file patterns) to identify exploitation.
- Use Shodan query `http.title:"docassemble"` or FOFA query `icon_hash="-575790689"` to identify exposed Docassemble instances for proactive asset discovery.
- The vulnerability affects Docassemble versions 1.4.53 through 1.4.96 only. Version 1.4.97 and later are patched and not vulnerable.
- The LFI is unauthenticated: no credentials or prior session are required to exploit the /interview endpoint via URL manipulation.
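The two log-based indicators above can be combined into one access-log check. This is an added example, not a rule from any of the indexed sources; it assumes a combined-format web server log, and the sample lines, the `likely-read`/`attempt` labels and the function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Request line and status code from a combined-format access log (assumed format).
LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# A ".." path segment, either at the start or after "/" or the package ":" separator.
TRAVERSAL_RE = re.compile(r"(^|[/:])\.\.(/|$)")

def suspicious_i(value):
    """True if an `i` value is an absolute path or contains a `..` segment."""
    v = unquote(value).strip().replace("\\", "/")  # second decode catches double-encoding
    return v.startswith("/") or bool(TRAVERSAL_RE.search(v))

def classify(line):
    """Return None, 'attempt' or 'likely-read' for one access-log line."""
    m = LOG_RE.search(line)
    if not m or m["method"] != "GET":
        return None
    url = urlsplit(m["target"])
    if url.path.rstrip("/") != "/interview":
        return None
    # parse_qs percent-decodes once, so i=%2Fetc%2Fpasswd is normalised here.
    if not any(suspicious_i(v) for v in parse_qs(url.query).get("i", [])):
        return None
    # The page reports HTTP 501 on successful reads; any other status is an attempt.
    return "likely-read" if m["status"] == "501" else "attempt"

def scan(lines):
    """Return (line_number, verdict) for every flagged line."""
    return [(n, v) for n, line in enumerate(lines, 1) if (v := classify(line))]

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Apr/2024:10:00:01 +0000] "GET /interview?i=docassemble.demo:data/questions/questions.yml HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Apr/2024:10:02:13 +0000] "GET /interview?i=/etc/passwd HTTP/1.1" 501 1873',
    '198.51.100.7 - - [01/Apr/2024:10:02:15 +0000] "GET /interview?i=%2Fetc%2Fpasswd HTTP/1.1" 404 312',
    '198.51.100.7 - - [01/Apr/2024:10:02:19 +0000] "GET /interview?i=docassemble.demo:../../secret.yml HTTP/1.1" 400 0',
    '192.0.2.10 - - [01/Apr/2024:10:03:00 +0000] "GET /static/app.js HTTP/1.1" 200 88211',
]

if __name__ == "__main__":
    for n, verdict in scan(SAMPLE_LOG):
        print(f"line {n}: {verdict}: {SAMPLE_LOG[n - 1]}")
```

Access logs carry no response body, so `likely-read` is a status-code heuristic; confirming file content in the response needs proxy or packet-capture data.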
CVSS provenance
- nvd · v3.1 · 7.5 HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- vulncheck · 7.5 HIGH
OSV
Docassemble unauthorized access through URL manipulation
osv·2024-02-29
CVE-2024-27292 [HIGH] Docassemble unauthorized access through URL manipulation
### Impact
The vulnerability allows attackers to gain unauthorized access to information on the system through URL manipulation. It affects versions 1.4.53 to 1.4.96.
### Patches
The vulnerability has been patched in version 1.4.97 of the master branch. The Docker image on docker.io has been patched.
### Workarounds
If upgrading is not possible, manually apply the changes of [97f77dc](https://github.com/jhpyle/docassemble/commit/97f77dc486a26a22ba804765bfd7058aabd600c9) and restart the server.
### Credit
The vulnerability was discovered by Riyush Ghimire (@richighimi).
### For more information
If you have any questions or comments about this advisory:
* Open an issue in [docassemble](https://github.com/jhpyle/docassemble/issue
GHSA
Docassemble unauthorized access through URL manipulation
ghsa·2024-02-29
CVE-2024-27292 [HIGH] CWE-706 Docassemble unauthorized access through URL manipulation
VulnCheck
jhpyle docassemble Use of Incorrectly-Resolved Name or Reference
vulncheck·2024·CVSS 7.5
CVE-2024-27292 [HIGH] jhpyle docassemble Use of Incorrectly-Resolved Name or Reference
Docassemble is an expert system for guided interviews and document assembly. The vulnerability allows attackers to gain unauthorized access to information on the system through URL manipulation. It affects versions 1.4.53 to 1.4.96. The vulnerability has been patched in version 1.4.97 of the master branch.
Affected: Docassemble Docassemble
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://app.crowdsec.net/cti/cve-explorer/CVE-2024-27292
Exploit PoC: https://vulncheck.com/xdb/3696c528dba3; https://vulncheck.com/xdb/1b640afe406d
No detection rules found.
Nuclei
Docassemble - Local File Inclusion
nuclei·CVSS 7.5
CVE-2024-27292 [HIGH] Docassemble - Local File Inclusion
Docassemble is an expert system for guided interviews and document assembly. The vulnerability allows attackers to gain unauthorized access to information on the system through URL manipulation. It affects versions 1.4.53 to 1.4.96. The vulnerability has been patched in version 1.4.97 of the master branch.
Template:
```yaml
id: CVE-2024-27292
info:
  name: Docassemble - Local File Inclusion
  author: johnk3r
  severity: high
  description: |
    Docassemble is an expert system for guided interviews and document assembly. The vulnerability allows attackers to gain unauthorized access to information on the system through URL manipulation. It affects versions 1.4.53 to 1.4.96. The vulnerability has been patched in version 1.4.97 of the master branch.
  impact: |
    Unauthenticat
```
No writeups or analysis indexed.
- https://github.com/jhpyle/docassemble/commit/97f77dc486a26a22ba804765bfd7058aabd600c9
- https://github.com/jhpyle/docassemble/security/advisories/GHSA-jq57-3w7p-vwvv