CVE-2024-51483
published 2024-11-01CVE-2024-51483: changedetection.io is free, open source web page change detection software. Prior to version 0.47.5, when a WebDriver is used to fetch files…
PriorityP348medium6.9CVSS 4.0
AVNACLATNPRNUINVCLVILVANSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
EXPLOIT
EPSS
2.29%
81.0th percentile
changedetection.io is free, open source web page change detection software. Prior to version 0.47.5, when a WebDriver is used to fetch files, `source:file:///etc/passwd` can be used to retrieve local system files, where the more traditional `file:///etc/passwd` gets blocked. Version 0.47.5 fixes the issue.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dgtlmoon | changedetection.io | < 0.47.5 | 0.47.5 |
| dgtlmoon | changedetection.io | >= 0 < 0.47.5 | 0.47.5 |
Detection & IOCsextracted from sources · hover to see the quote
path/preview/{{uuid}}
othercontains(body,'root:x:0')
- →Detection via nuclei-style template: fetch /preview/<uuid> endpoint and check response body for 'root:x:0' string indicating successful /etc/passwd exfiltration
- →Nuclei template matches on HTTP 200 response with content-type text/html and body containing 'root:x:0' to confirm exploitation
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
changedetection.io Path Traversal
ghsa·2024-11-01
CVE-2024-51483 [MEDIUM] CWE-22 changedetection.io Path Traversal
changedetection.io Path Traversal
### Summary
When a WebDriver is used to fetch files source:file:///etc/passwd can be used to retrieve local system files, where the more traditional file:///etc/passwd gets blocked
### Details
The root cause is the payload source:file:///etc/passwdpasses the regex [here](https://github.com/dgtlmoon/changedetection.io/blob/master/changedetectionio/model/Watch.py#L19) and also passes the check [here](https://github.com/dgtlmoon/changedetection.io/blob/master/changedetectionio/processors/__init__.py#L35) where a traditional file:///etc/passwd would get blocked
### PoC
[CL-ChangeDetection.io Path Travsersal-311024-181039.pdf](https://github.com/user-attachments/files/17591630/CL-ChangeDetection.io.Path.Travsersal-311024-181039.pdf)
### Impact
It depends o
OSV
changedetection.io Path Traversal
osv·2024-11-01
CVE-2024-51483 [MEDIUM] changedetection.io Path Traversal
changedetection.io Path Traversal
### Summary
When a WebDriver is used to fetch files source:file:///etc/passwd can be used to retrieve local system files, where the more traditional file:///etc/passwd gets blocked
### Details
The root cause is the payload source:file:///etc/passwdpasses the regex [here](https://github.com/dgtlmoon/changedetection.io/blob/master/changedetectionio/model/Watch.py#L19) and also passes the check [here](https://github.com/dgtlmoon/changedetection.io/blob/master/changedetectionio/processors/__init__.py#L35) where a traditional file:///etc/passwd would get blocked
### PoC
[CL-ChangeDetection.io Path Travsersal-311024-181039.pdf](https://github.com/user-attachments/files/17591630/CL-ChangeDetection.io.Path.Travsersal-311024-181039.pdf)
### Impact
It depends o
No detection rules found.
Nuclei
Changedetection.io <= 0.47.4 - Path Traversal
nuclei·CVSS 6.9
CVE-2024-51483 [MEDIUM] Changedetection.io <= 0.47.4 - Path Traversal
Changedetection.io \n.*?uuid=(.*?)"'
internal: true
- raw:
- |
GET /preview/{{uuid}} HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- "contains(body,'root:x:0')"
- "contains(content_type,'text/html')"
- 'status_code == 200'
condition: and
# digest: 4a0a00473045022030175b94edc512a147f3b8ad71c1b4b39a1843a23a77f5da6ec026c7f1571c89022100aa50c56bbaf0d9beba6555888056772fef1b632ef9c0bb3f4eae378cc38e8e40:922c64590222798bb761d5b6d8e72950
No writeups or analysis indexed.
https://github.com/dgtlmoon/changedetection.io/blob/master/changedetectionio/model/Watch.py#L19https://github.com/dgtlmoon/changedetection.io/blob/master/changedetectionio/processors/__init__.py#L35https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-cwgg-57xj-g77rhttps://github.com/user-attachments/files/17591630/CL-ChangeDetection.io.Path.Travsersal-311024-181039.pdf
2024-11-01
Published