CVE-2024-31851
published 2024-04-05


Priority: P265 · Severity: high · CVSS 3.1: 8.6 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L)
EXPLOIT
EPSS: 2.91% (85.2th percentile)
A path traversal vulnerability exists in the Java version of CData Sync < 23.4.8843 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain access to sensitive information and perform limited actions.

Affected (1 range)

Vendor: cdata · Product: sync · Version range: < 23.4.8843 · Fixed in: 23.4.8843

Detection & IOCs (extracted from sources)

path: /src/getSettings.rsb
cookie: apiserver_jsessionid
  • Detect path traversal attempts using backslash characters in URI targeting CData Sync; look for requests containing '/ui/..\src\' pattern in HTTP request paths — Jetty does not reject '\' characters in URIs unlike Tomcat.
  • A successful exploitation returns HTTP 200 with Content-Type 'application/json' and body containing '"items":[{', ':"true"', and 'notifyemail' — use these as response-based detection signatures.
  • The attack bypasses security constraints defined in web.xml by exploiting how Jetty processes servlet mappings — flag unauthenticated access to restricted endpoints via backslash-encoded traversal sequences.
  • The response header 'Content-Disposition: attachment; filename=GetSettings.json' in combination with HTTP 200 on the traversal path is a strong indicator of successful exploitation.
  • The path traversal vulnerability only affects CData Sync when deployed using the embedded Jetty server. Deployments on Tomcat are NOT vulnerable, as Tomcat rejects backslash characters in URIs.
  • Only the Java version of CData Sync is affected; versions >= 23.4.8843 are patched.
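The request and response signatures listed above turned into a small classifier over reverse-proxy events, as an added example that is not part of this record or of CData's software; the event schema (path, status, headers, body) and the one-pass percent-decoding of the path are assumptions made for the example.

```python
import re
from urllib.parse import unquote

# Request-path indicator from the record: backslash traversal out of /ui/ into /src/
TRAVERSAL_RE = re.compile(r"/ui/(?:\.\.\\)+src\\", re.IGNORECASE)
# Response markers the record lists for a successful GetSettings retrieval
BODY_MARKERS = ('"items":[{', ':"true"', 'notifyemail')
DISPOSITION = "attachment; filename=GetSettings.json"


def normalize_path(path: str) -> str:
    """Percent-decode once (assumption, not from the record) so that %5C / %2E
    variants are compared in the same form as a literal '\\' or '.'."""
    return unquote(path)


def classify(event: dict) -> str:
    """Return 'none', 'attempt' or 'success' for one proxy event.
    Constructed schema: path (str), status (int), headers (dict), body (str)."""
    path = normalize_path(event.get("path", ""))
    if not TRAVERSAL_RE.search(path):
        return "none"
    headers = {k.lower(): v for k, v in event.get("headers", {}).items()}
    body = event.get("body", "")
    # A 200 JSON response carrying the settings attachment or the body markers
    # is the record's indicator of successful exploitation; anything else on a
    # traversal path is an attempt worth alerting on.
    if (event.get("status") == 200
            and headers.get("content-type", "").startswith("application/json")
            and (headers.get("content-disposition") == DISPOSITION
                 or all(m in body for m in BODY_MARKERS))):
        return "success"
    return "attempt"


# Constructed sample events (not real traffic)
SAMPLE_EVENTS = [
    {"path": "/ui/index.html", "status": 200,
     "headers": {"Content-Type": "text/html"}, "body": "<html>"},
    {"path": r"/ui/..\src\getSettings.rsb", "status": 403, "headers": {}, "body": ""},
    {"path": "/ui/..%5Csrc%5CgetSettings.rsb", "status": 200,
     "headers": {"Content-Type": "application/json",
                 "Content-Disposition": DISPOSITION},
     "body": '{"items":[{"notifyemail":"true"}]}'},
]


def scan(events):
    """Return (path, verdict) for every event that is not benign."""
    return [(e["path"], classify(e)) for e in events if classify(e) != "none"]
```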