CVE-2024-40348
published 2024-07-20

CVE-2024-40348: An issue in the component /api/swaggerui/static of Bazaar v1.4.3 allows unauthenticated attackers to execute a directory traversal.

Priority: P2 · 69 · high
CVSS 3.1: 8.2 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L)
Exploit: public PoC available
EPSS: 8.29% (94.2th percentile)

Affected

1 range

Vendor   Product   Version range   Fixed in
bazarr   bazarr    <= 1.4.3        (none listed)

Detection & IOCs (extracted from sources)

path: /api/swaggerui/static/../../../../../../../../../../../../../../../../etc/passwd
path: /api/swaggerui/static
yara regex: root:.*:0:0:
  • Detect unauthenticated GET requests to /api/swaggerui/static containing path traversal sequences (e.g., ../../../../) targeting sensitive files such as /etc/passwd.
  • Responses to successful exploitation return HTTP 200 with Content-Type: application/octet-stream and a body matching the pattern root:.*:0:0: (Unix /etc/passwd content).
  • Fingerprint the target as Bazarr by checking for 'content="Bazarr', 'window.Bazarr', or similar strings in the response before triggering the traversal probe.
  • The vulnerability affects Bazaar (Bazarr) v1.4.3 specifically; the traversal endpoint is unauthenticated, meaning no credentials or session tokens are required to exploit it.
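The detection bullets above describe what a defender should look for in web-server logs and response bodies. The following is an added example (not cvebase's own tooling, and not part of the Bazarr project) that turns those bullets into a small scanner: it parses combined-format access-log lines, URL-decodes the request path so that `%2e%2e%2f`-style encodings are not missed, flags requests to `/api/swaggerui/static` that contain a `..` path segment, and separately applies the page's `root:.*:0:0:` regex to a captured response body. The log lines, IP addresses and timestamps are constructed for the example.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (combined log format); not real traffic.
# Lines 1-2 are traversal probes (plain and percent-encoded), line 3 is a
# legitimate Swagger UI asset request, line 4 is unrelated.
SAMPLE_LOG = """\
203.0.113.5 - - [20/Jul/2024:10:01:02 +0000] "GET /api/swaggerui/static/../../../../../../../../../../../../../../../../etc/passwd HTTP/1.1" 200 1842 "-" "curl/8.0"
203.0.113.5 - - [20/Jul/2024:10:01:03 +0000] "GET /api/swaggerui/static/..%2f..%2f..%2fetc%2fpasswd HTTP/1.1" 200 1842 "-" "curl/8.0"
198.51.100.7 - - [20/Jul/2024:10:02:10 +0000] "GET /api/swaggerui/static/swagger-ui.css HTTP/1.1" 200 144000 "-" "Mozilla/5.0"
198.51.100.7 - - [20/Jul/2024:10:02:11 +0000] "GET /api/series HTTP/1.1" 401 0 "-" "Mozilla/5.0"
"""

# Minimal combined-log-format parser: client IP, timestamp, method, target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# The vulnerable endpoint named on the page.
TARGET_PREFIX = "/api/swaggerui/static"

# A ".." path segment bounded by slashes (or string start/end), after decoding.
TRAVERSAL_SEG = re.compile(r'(?:^|/)\.\.(?:/|$)')

# The page's YARA-style regex for a leaked Unix /etc/passwd body.
PASSWD_RE = re.compile(r'root:.*:0:0:')


def decode_path(raw_target):
    """Strip the query string and percent-decode until the path stops changing,
    so single- and double-encoded dot-dot-slash sequences are both normalised."""
    path = raw_target.split('?', 1)[0]
    prev = None
    for _ in range(3):  # bounded: avoids looping on pathological input
        if path == prev:
            break
        prev, path = path, unquote(path)
    return path


def is_traversal_probe(raw_target):
    """True if the request targets the static endpoint with a '..' segment."""
    path = decode_path(raw_target)
    return path.startswith(TARGET_PREFIX) and TRAVERSAL_SEG.search(path) is not None


def scan_access_log(text):
    """Return one dict per suspicious request found in the log text.
    status 200 on such a request is a strong hint the traversal succeeded."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; skip rather than crash the scan
        if is_traversal_probe(m['target']):
            hits.append({
                "ip": m['ip'],
                "ts": m['ts'],
                "status": int(m['status']),
                "path": decode_path(m['target']),
                "likely_success": m['status'] == "200",
            })
    return hits


def response_leaks_passwd(body):
    """Apply the page's body regex to a captured response (e.g. from a proxy)."""
    return PASSWD_RE.search(body) is not None


if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG):
        print(hit)
    # Constructed response body, the shape the page's regex is meant to catch.
    print(response_leaks_passwd("root:x:0:0:root:/root:/bin/bash\n"))
```

Running the block prints the two probe entries from `203.0.113.5` (the plain and the percent-encoded variant both normalise to a `..`-containing path under `/api/swaggerui/static`) and `True` for the constructed passwd body; the legitimate `swagger-ui.css` request is not flagged. In a real deployment the same `is_traversal_probe` check can be applied at a reverse proxy or WAF in front of Bazarr, and a 200 response to such a request should be treated as a confirmed file read.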